Over 46 million mobile numbers leaked online, says report

phone-lowyatPETALING JAYA: Over 46 million mobile phone numbers from Malaysian telcos and mobile virtual network operators (MVNO) have been leaked online, technology news site lowyat.net confirmed today.

The report said the leak included postpaid and prepaid numbers, customer details, addresses as well as SIM card information.

“Time stamps on the files we downloaded indicate the leaked data was last updated between May and July 2014 between the various telcos,” lowyat.net said.

The data was from various telcos including DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel.

“We are also now fairly certain that the individual who tried to sell the data two weeks back acquired the data in a similar fashion that we did, and tried to make a quick profit by attempting to sell it on our forums.

“We have shared all details regarding the data that we uncovered, as well as how we managed to obtain all the data with the MCMC (Malaysian Communications and Multimedia Commission) last week,” lowyat.net said.

News about an alleged leak was first published by the technology site in a report titled “Personal data of millions of Malaysians up for sale, sources of breach still unknown” on Oct 19.

The report had claimed that the personal data of millions of Malaysians from the databases of an online recruitment portal and medical associations, as well as over 50 million records of customer data from various telcos, were up for sale online.

The article, however, was removed shortly after it was published following orders from MCMC.

The regulatory body later said in a statement that the order to take down the report was a “preventive measure”.

Lowyat.net then restored the original article on Oct 20 with MCMC’s approval.

The technology site said it believed the leaked data was already being traded online much earlier than estimated.

“Based on the condition of the files that we obtained, we are quite certain that it has already changed hands more than once.”

It said the MCMC was following up with the relevant agencies to determine the source of the breach.

“While it is the task of the authorities to narrow down the source of the breach, and ensure that a similar incident doesn’t happen again, the key to containing any more serious damage is protecting the individuals affected by the breach.

“We are urging the telco and MVNO companies mentioned above to alert and start immediately replacing the SIM cards of all affected customers, especially those who have not updated their SIM cards since 2014. While the leaked data alone isn’t sufficient to clone the SIM cards, the information available can be exploited to initiate multiple social engineering attacks against affected users,” lowyat.net said.