When a rumor began on popular message board lowyat.net on October 20 regarding a massive security breach affecting 46.2 million (more than the population of the country) Malaysians’ personal data, everyone, including their second secret mobile, was decidedly concerned that it could include them.
Then a week later, the Communication and Multimedia Ministry confirmed that information that included email addresses, login credentials and IC numbers was indeed leaked, and said they would be investigating how such a massive sensitive data dump could happen. Also, change your passwords, and get with that two-step log-in process.
Today, we learn that one of the groups that had their security compromised, the Malaysian Dental Association (MDA), knew about the leak of personal details back in February. CyberSecurity Malaysia, and Malaysia Computer Emergency Response Team (MyCERT), hired to protect their digital networks, were alerted by a foreign security organization, that their members’ login credentials had been decoded.
They were able to pass the information along to their users, reset passwords, and amp up their digital security.
MyCERT followed-up with investigations and found that MDA’s host server had been hacked, and quickly changed their server to another provider, without further ado. They also upgraded their firewall.
Worryingly, after looking into the matter, CyberSecurity Malaysia concluded that MDA’s security was breached as far back as five years ago.
Another group that was cyber attacked was the Malaysian Medical Association (MMA). Speaking to The Malay Mail, they said that they had been unaware of any data theft until the thread began to gain traction on lowyat on October 19. However, upon hearing the news, they also have taken action to increase their cyber security.
The lowyat story gained wide public awareness two weeks ago, when a mysterious thread appeared claiming that several Malaysian telcos were involved in extensive security breaches of customer personal data. Operators like DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel have all been affected.
The Communications and Multimedia Ministry is currently investigating possible suspects behind the theft, has said they have already found people of interest.