The site was reporting on a viral tweet by Twitter user @acaiijiwe in which a purported seller claimed to be in possession of a MySPR database that includes selfies, MyKad details, and other details such as addresses, e-mail addresses, birth dates, hashed passwords, and full addresses.

The information is allegedly part of the MySPR system’s Electronic Know Your Customer (eKYC) data which was collected in 2019 when the public was able to register themselves as voters online through the newly-launched MySPR Daftar website.

The tweet by @acaiijiwe showed a photo containing a message from a user named @actifedot, who claimed to have sold Malaysians’ data before.

In the message, @actifedot claimed the database contained more than 1.6 million eKYC images with a total file size of 67GB.

The purported seller was asking for US$2,000 (RM9,284) to be paid in either Bitcoin or Monero cryptocurrencies.

Although the listing focused solely on the MySPR online system’s eKYC data, Lowyat.net said the seller also claimed that they are in possession of the full electoral roll with details of 22 million voters.

Lowyat.net said that while @acaiijiwe’s tweet only went viral on Wednesday, the listing was first posted in April according to the tech website’s visit to the unnamed database marketplace.

Lowyat.net also claimed that the same seller was behind the alleged leak of a national registration department (JPN) database of 22.5 million Malaysians in May.

Home minister Hamzah Zainudin previously denied that a leaked database which was allegedly being sold online for US$10,000 (RM43,870) in May belonged to JPN.

The alleged JPN database purportedly contained the details of Malaysians, in particular those born between 1940 and 2004.

FMT has reached out to the EC and police for comment on the Lowyat.net report.