Personal details of more than 46 million mobile users in Malaysia is said to have fallen into the hands of cybercriminals. And the leaked info includes IMEI numbers, IMSI numbers, home addresses, MyKad Number, SIM card info and some of the private details.
The leaked info is of users using the services of the following 12 Malaysian mobile operators- Maxis, DiGi, Altel, Celcom, Enabling Asia, Friend mobile, MerchantTradeAsia, PLDT, RedTone, TuneTalk, Umobile, XOX.
As the population of Malaysia is only around 32 million, the leaked number suggests that the data breach might also include inactive numbers and temporary ones bought by visiting foreigners. So, this clearly suggests that private details of almost the entire population of Malaysia might have fallen into the wrong hands.
Security experts suggest that the latest data breach might make entire Malaysian mobile phone user population vulnerable to social engineering attacks and in some scenarios, phones of some high profile dignitaries might be cloned.
Sources reporting to Cybersecurity Insiders suggest that the leak might have taken place in 2014 and the data was dumped onto dark web early last month.
Yesterday, the details of the hack were made public when a news website & online forum named Lowyat.net handed over the cyber attacks details to the Malaysian Communications and Multimedia Commission(MCMC).
The website owner Vijandren Ramadass is not interested in providing details on how the hacking story reached his publication. But he said that the law enforcement authorities have been provided with the info and an investigation is going on full swing.
Gavin Chow, who works for Cybersecurity Company Fortinet said that scammers can trick the victims in various ways by using the leaked data. This includes the transfer of funds and installing Telco applications filled with malware and spyware on smartphones.
“So, anyone with a little bit of creativity and some tech knowledge can convince unsuspecting victims to install malware on their devices”, says Chow.
MCMC said that unless the telcos admit the breach, nothing much can be done on this issue.