2014 Data Breach – 46.2 Million Malaysian Mobile phone numbers leaked online

Pierluigi Paganini November 02, 2017

46.2 Million Malaysian Mobile phone numbers leaked online, authorities confirmed data were stolen from government servers and databases at a dozen telcos.

Millions of Malaysians have been affected by a major data breach, hackers have accessed 46.2 million cellphone accounts after they broke into government servers and databases at a dozen telcos in the country.

Considering that the population of Malaysia is 31.2 million, virtually everyone in the country was affected by the data breach at the Malaysians telecoms providers such as DiGi.Com and Celcom Axiata.

The stolen records include users’ mobile phone numbers, SIM card details, device serial numbers, and home addresses. The hackers also accessed some 80,000 medical records and compromised government websites such as Jobstreet.com.

The Malaysian Communications and Multimedia Commission, along with the police, are investigating the incident.

The news was first reported by the Malaysian news site lowyat.net on 19th October:

“The leak includes postpaid and prepaid numbers, customer details, addresses as well as sim card information – including unique IMEI and IMSI numbers.” reported the website.

“Time stamps on the files we downloaded indicate the leaked data was last updated between May and July 2014 between the various telcos. The exact numbers, broken down by telco/MVNO provider, and further broken down by prepaid or postpaid segments are as below.”

Telco/MVNO
Total Records
Last Updated
Celcom Prepaid
 10,548,183
03-06-2014
Celcom Postpaid
 4,194,315
03-06-2014
Digi Prepaid
 11,411,815
30-05-2014
Digi Postpaid
 2,036,730
30-05-2014
Umobile postpaid + prepaid
 3,866,672
30-05-2014
Maxis Postpaid
 2,840,741
29-07-2014
Maxis Hotlink
 9,562,019
29-07-2014
Friendi Mobile
 43,523
29-06-2014
MerchantradeAsia
 446,203
07-07-2014
Tunetalk
 597,276
unknown
Redtone
 246,613
30-05-2014
XOX
 79,139
30-05-2014
Altel
 24,279
unknown
PLDT
 68,900
17-07-2014
EnablingAsia
 212,139
30-04-2014
Total
  46,178,547

According to Malaysian officials, nearly 50 million mobile phone account records were accessed by hackers.

Aside from the telco database, the authorities confirmed that 3 databases belonging to the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA), as well as the Malaysian Dental Association (MDA) have also been leaked.

Database
Total Records
Last Updated
Malaysian Medical Association (MMA)
15,965
05-02-2015
Malaysian Medical Council (MMC)
61,062
06-03-2015
Malaysian Dental Association (MDA)
4,282
25-01-2015
Total
81,309

The compromised medical databases include personal information, MyKad numbers, mobile/work/home phone numbers, and work and residential addresses.

The website that reported the news is concerned that no remedial action has been taken by the service providers involved to protect the victims of the data breach.

“While it is the task of the authorities to narrow down the source of the breach, and ensure that a similar incident doesn’t happen again, the key to containing any more serious damage is protecting the individuals affected by the breach.” continues lowyat.net.

“We are urging the telco and MVNO companies mentioned above to alert and start immediately replacing the SIM cards of all affected customers, especially those who have not updated their SIM cards since 2014. While the leaked data alone isn’t sufficient to clone the SIM cards, the information available can be exploited to initiate multiple social engineering attacks against affected users.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Malaysian Mobile phone numbers, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment