Malaysia is investing potential attempts to sell the data of more than 46 million mobile phone users online. Experts are saying this is one of the largest data leaks in Asia to date, as it is expected to impact the country’s entire population. The breach was first reported last month by Lowyat.net, after the local technology news website received a tip-off about someone trying to sell a large volume of data of personal information.
Communication and Multimedia Minister Salleh Said Keruak said that that Malaysian Communications and Multimedia Commission (MCMC) is looking into the matter with local police.
Salleh commented, “We have identified several potential sources of the leak and we should be able to complete the probe soon.”
Sources have indicated that the leaked data consists of list of mobile phone numbers, identification card numbers, home addresses and SIM card data of 46.2 million customers from 12 Malaysian mobile phone and mobile virtual network operators.
Cybersecurity experts have stated this kind of a data leak can be used by criminals to create fake identities and make online purchases.
Justin Lie of Cashfield, a Singapore-based anti-fraud company, has compared the Malaysian data leak to the Equifax leak, when data of over 145.5 million people were stolen. Mobile service providers like Maxis, Axiata Group’s Celcom and DiGi are among the most affected, and representatives from these companies have issued statements about their cooperation with police.
According to an anonymous researcher that wished to keep his identity private, the leaked data was trading on various underground forums for the price of 1 bitcoin; the price of 1 bitcoin is around $6,500. The researcher said that the data was traded on the dark web and downloaded by at least 10 people before it was taken offline.