SINGAPORE - More than 1,500 SingPass accounts could have been accessed illegitimately, potentially threatening the security of citizens' data from how much they earn and where they live to their car number and children's names.
SingPass is a password that was set up for every citizen in 2003 to access the 340-plus e-government services. But SingPass often contains easy-to-guess numbers, such as birth dates, which hackers can readily find out.
In a hastily-called press conference late Wednesday evening, the Infocomm Development Authority (IDA) said it was notified on June 2 by its contractor, locally-based CrimsonLogic, that a number of SingPass users had received a SingPass reset notification letter although they did not request for any password reset.
Then IDA noticed that there were "a lot more" SingPass accounts than there were mobile numbers tied to the accounts to perform functions like password reset. A police report was lodged on June 3.
Based on preliminary checks, IDA said that there was "no evidence to suggest that the SingPass system has been compromised". IDA is now advising the public to set a strong SingPass with at least eight alphanumeric characters, and change it once every few months. IDA is also warning the public not to share their SingPass with anyone.
The passwords of all 1,500 accounts have been reset by the IDA, which is notifying users of this incident.
SingPass transactions have soared more than 10 times since its launch, rising from 4.5 million in 2003 to 46.3 million in 2011. Last year, 57 million transactions were made using SingPass. Now, there are more than 3.3 million SingPass users.