Pierluigi Paganini
November 02, 2017
Millions of Malaysians have been affected by a major data breach, hackers have accessed 46.2 million cellphone accounts after they broke into government servers and databases at a dozen telcos in the country.
Considering that the population of Malaysia is 31.2 million, virtually everyone in the country was affected by the data breach at the Malaysians telecoms providers such as DiGi.Com and Celcom Axiata.
The stolen records include users’ mobile phone numbers, SIM card details, device serial numbers, and home addresses. The hackers also accessed some 80,000 medical records and compromised government websites such as Jobstreet.com.
The Malaysian Communications and Multimedia Commission, along with the police, are investigating the incident.
The news was first reported by the Malaysian news site lowyat.net on 19th October:
“The leak includes postpaid and prepaid numbers, customer details, addresses as well as sim card information – including unique IMEI and IMSI numbers.” reported the website.
“Time stamps on the files we downloaded indicate the leaked data was last updated between May and July 2014 between the various telcos. The exact numbers, broken down by telco/MVNO provider, and further broken down by prepaid or postpaid segments are as below.”
Telco/MVNO |
Total Records |
Last Updated |
Celcom Prepaid |
10,548,183 |
03-06-2014 |
Celcom Postpaid |
4,194,315 |
03-06-2014 |
Digi Prepaid |
11,411,815 |
30-05-2014 |
Digi Postpaid |
2,036,730 |
30-05-2014 |
Umobile postpaid + prepaid |
3,866,672 |
30-05-2014 |
Maxis Postpaid |
2,840,741 |
29-07-2014 |
Maxis Hotlink |
9,562,019 |
29-07-2014 |
Friendi Mobile |
43,523 |
29-06-2014 |
MerchantradeAsia |
446,203 |
07-07-2014 |
Tunetalk |
597,276 |
unknown |
Redtone |
246,613 |
30-05-2014 |
XOX |
79,139 |
30-05-2014 |
Altel |
24,279 |
unknown |
PLDT |
68,900 |
17-07-2014 |
EnablingAsia |
212,139 |
30-04-2014 |
Total |
46,178,547 |
According to Malaysian officials, nearly 50 million mobile phone account records were accessed by hackers.
Aside from the telco database, the authorities confirmed that 3 databases belonging to the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA), as well as the Malaysian Dental Association (MDA) have also been leaked.
Database |
Total Records |
Last Updated |
Malaysian Medical Association (MMA) |
15,965 |
05-02-2015 |
Malaysian Medical Council (MMC) |
61,062 |
06-03-2015 |
Malaysian Dental Association (MDA) |
4,282 |
25-01-2015 |
Total |
81,309 |
The compromised medical databases include personal information, MyKad numbers, mobile/work/home phone numbers, and work and residential addresses.
The website that reported the news is concerned that no remedial action has been taken by the service providers involved to protect the victims of the data breach.
“While it is the task of the authorities to narrow down the source of the breach, and ensure that a similar incident doesn’t happen again, the key to containing any more serious damage is protecting the individuals affected by the breach.” continues lowyat.net.
“We are urging the telco and MVNO companies mentioned above to alert and start immediately replacing the SIM cards of all affected customers, especially those who have not updated their SIM cards since 2014. While the leaked data alone isn’t sufficient to clone the SIM cards, the information available can be exploited to initiate multiple social engineering attacks against affected users.”
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Malaysian Mobile phone numbers, data breach)
[adrotate banner=”5″]
[adrotate banner=”13″]
APT / November 18, 2024
