Leaked Malaysian data 'likely on sale for a long time'

KUALA LUMPUR • Personal details of tens of millions of Malaysians obtained from a 2014 data breach have likely been available for sale for a long time, according to the founder of an online portal who revealed the massive data breach this week.

Malaysia said on Wednesday it was investigating an alleged attempt to sell the data of more than 46 million mobile phone subscribers online, in what appears to be one of the largest leaks of customer data in Asia.

Mr Vijandren Ramadass, founder of tech portal lowyat.net, uncovered the data leak when a user tried to sell the data on the portal's forum last month.

Further investigations led him to the Dark Web, where he found links to download the data. He said the fact he was able to obtain all the data for free suggested it had been around for a while. "Somebody might have already made a lot of money from it and somebody else decided to release it," he said.

He added that the data likely came from multiple sources as the data sets had different formats and fields. Time stamps indicate the leaked data was last updated between May and July 2014.

The country's Internet regulator, the Malaysian Communications and Multimedia Commission has said it is investigating along with the police, but there has been no official confirmation of the scale of the breach.

Malaysia's biggest mobile service providers, including Maxis, Axiata Group's Celcom and Digi, among others, have said they are cooperating with the authorities, but have not made any comment on what steps customers who may have been affected should take.


A version of this article appeared in the print edition of The Straits Times on November 03, 2017, with the headline 'Leaked Malaysian data 'likely on sale for a long time''. Subscribe