Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers

By on

There are data breaches that impact an entire customer group, or even a certain state. And then there are data breaches that impact practically everyone in a nation. This actually happened this week, as practically every citizen of Malaysia, a country that boasts a population of some 31.2 million, was impacted by a cyberattack. A complex data breach compromised over 46.2 million mobile numbers, which could mean multiple numbers for one person, as well as exposed details such as home addresses and SIM card information.

This attack actually first came to light last month, when Lowyat.net, a local technology news website, reported receiving a tip-off that someone was attempting to sell huge databases of personal data. From there, the Malaysian Communications and Multimedia Commission (MCMC) began looking into the matter with the police.

The police have since claimed to have identified multiple potential sources of the leak, but have yet to name them. However, one researcher speculated at the strategy behind these attacks, telling ZDNet that “’low and slow’ attacks could lay stealthily in networks for years without anyone noticing.” Basically, this attack may have been tediously conducted over the course of a few years.

So, what’s the damage? This breach impacted both postpaid and prepaid numbers, as well as all subscribers from major mobile carriers in the country, including Maxis, Altel, Digi, and Celcom. What’s more – in addition to customer data from local telecommunications providers, data was also leaked from various websites containing sensitive information such as Jobstreet.com, Malaysian Medical Association, and Malaysian Housing Loan Applications. Leaked data from Jobstreet.com, for instance, contained the candidate’s login name, nationality, and hashed password.

This means that the impact of this breach goes beyond simply having phone numbers out in the open — this entire set of data is comprehensive enough for cybercriminals to create fraudulent identities to make online purchases.

So, with this massive breach putting private data as well as personal identities at risk, it’s important all those impacted act now to protect themselves. They can start by following these security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. By freezing your credit, you seal your credit reports so that no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Make passwords a priority. First off, immediately change your password to any of the sites that have been impacted by this breach. Then, be sure to always keep your passwords complex in the case crooks try to guess new ones you’ve set up for your account. You can do this by leveraging a password manager, such as the True Key app. The True Key app can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically using multi-factor authentication.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices
Tags: , ,

Leave a Comment

Similar articles

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making ...
Read Blog
It’s no secret – IoT devices are creeping into every facet of our daily lives. In fact, Gartner estimates there will be 20.4 Billion IoT devices by the year 2020. More devices mean greater connectivity and ease of use for their owners, but connectivity also means more opportunities for hacks. With CES 2019 kicking off this ...
Read Blog
Today, we at McAfee are announcing some exciting new security solutions and integrations at CES in Las Vegas. For those of you who are unfamiliar with CES, it is the global stage for innovators to showcase the next generation of consumer technologies. McAfee now delivers protection to more than 500 million customers worldwide, and we ...
Read Blog