Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers

There are data breaches that impact an entire customer group, or even a certain state. And then there are data breaches that impact practically everyone in a nation. This actually happened this week, as practically every citizen of Malaysia, a country that boasts a population of some 31.2 million, was impacted by a cyberattack. A complex data breach compromised over 46.2 million mobile numbers, which could mean multiple numbers for one person, as well as exposed details such as home addresses and SIM card information.

This attack actually first came to light last month, when Lowyat.net, a local technology news website, reported receiving a tip-off that someone was attempting to sell huge databases of personal data. From there, the Malaysian Communications and Multimedia Commission (MCMC) began looking into the matter with the police.

The police have since claimed to have identified multiple potential sources of the leak, but have yet to name them. However, one researcher speculated at the strategy behind these attacks, telling ZDNet that “’low and slow’ attacks could lay stealthily in networks for years without anyone noticing.” Basically, this attack may have been tediously conducted over the course of a few years.

So, what’s the damage? This breach impacted both postpaid and prepaid numbers, as well as all subscribers from major mobile carriers in the country, including Maxis, Altel, Digi, and Celcom. What’s more – in addition to customer data from local telecommunications providers, data was also leaked from various websites containing sensitive information such as Jobstreet.com, Malaysian Medical Association, and Malaysian Housing Loan Applications. Leaked data from Jobstreet.com, for instance, contained the candidate’s login name, nationality, and hashed password.

This means that the impact of this breach goes beyond simply having phone numbers out in the open — this entire set of data is comprehensive enough for cybercriminals to create fraudulent identities to make online purchases.

So, with this massive breach putting private data as well as personal identities at risk, it’s important all those impacted act now to protect themselves. They can start by following these security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. By freezing your credit, you seal your credit reports so that no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Make passwords a priority. First off, immediately change your password to any of the sites that have been impacted by this breach. Then, be sure to always keep your passwords complex in the case crooks try to guess new ones you’ve set up for your account. You can do this by leveraging a password manager, such as the True Key app. The True Key app can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically using multi-factor authentication.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

Leave a Comment

5 × 5 =