KUALA LUMPUR: A cyber security services company warned that leaked data could be used by hackers to carry out social engineering attacks to trick users into divulging their details.
This includes the victim’s financial information, passwords or even phone cloning, where the identity of the victim is copied to another phone.
Quann Malaysia, formerly known as e-Cop Malaysia, released a statement following the leak of 46.2 million mobile phone numbers of Malaysian telcos and mobile virtual network operators.
The leak also includes postpaid and prepaid numbers, customer details, addresses and SIM card information, including International Mobile Equipment Identity (IMEI) numbers, a unique number given to every single mobile phone, and International Mobile Subscriber Identity (IMSI) numbers, a unique identifier that defines a subscriber in the wireless world, including the country and mobile network to which the subscriber belongs.
Quann Malaysia general manager Ivan Wen said that buyers could anonymously purchase 46.2 million Malaysian mobile users' data for merely RM32,000, or the equivalent of 1 Bitcoin.
“The sale in Bitcoin means that any company or person can anonymously purchase the whole list from this anonymous hacker.
“Currently, while actual Bitcoin transactions are transparent online, the identities of both the seller and buyer remain anonymous and cannot be tracked,” the statement read.
Wen said that few countries have yet to put in place proper Know-Your-Customer regulations with regard to Bitcoin purchases.
He said it is high time for the country to take a different approach when dealing with the spiraling number of worldwide ransomware demands.
“It is almost impossible to stop any sale of the leaked data, unless the affected companies pay a ransom to the hacker or data thief. This, however, does not guarantee that the data would not be leaked.
“We hope that regulators and policy makers will take action to put in more defined processes and regulations, for example in the upcoming Cyber Security law, to track the purchase and dealings in Bitcoin among Malaysians, so that fraudulent (data) purchases can be tracked.”
Wen said individuals or companies found purchasing the leaked data should be penalised. The hacking only existed because there were buyers to fund the hackers, he said.
Wen also urged the Malaysian Communications and Multimedia Commission (MCMC) to aid Bank Negara in drafting regulations to stop such fraudulent purchases.
To safeguard themselves, Wen advised Malaysians who have not replaced their SIM cards since 2014 to do so.
“While SIM cards cannot be cloned with the leaked data, the data that has been breached is sufficient to cause significant damages to unsuspecting users.”
Deputy Inspector-General of Police Tan Sri Noor Rashid Ibrahim had said the police are working closely with MCMC and telecommunication companies to solve the data-leak case but the investigation would take time due to the technicality of the matter.
Other than telcos, three databases belonging to the Malaysian Medical Council, Malaysian Medical Association and Malaysian Dental Association had also been leaked.