Malaysian Data Breach Leaves Stolen Data Online for a ‘Long Time’

Share and earn Cybytes
Facebook Twitter LinkedIn Email

A 2014 data breach may have left the personal details for tens of millions of Malaysians for sale online for “a long time,” according to Vijandren Ramadass, the founder of tech portal, who uncovered the data leak.

According to a New York Times report, “Malaysia said on Wednesday it was investigating an alleged attempt to sell the data of more than 46 million mobile phone subscribers online, in what appears to be one of the largest leaks of customer data in Asia.”

The leak is alleged to have affected almost every Malaysian and maybe millions of tourists. A user tried to sell the data on last month.

Ramadass’ investigation into the leak led him to the dark web, where he found web links to download the data, the Times noted. Ramadass said the fact he was able to obtain all the data for free suggested it had been around for a while. Time stamps indicate the leaked data was last updated between May and July 2014.

“Somebody might have already made a lot of money from it, and somebody else decided to release it,” Ramadass told Reuters. “The longer the data it is out there, the more likely it is to be released for free.”

The leaked data might allow criminals to create fraudulent identities to make online purchases, included mobile phone numbers, ID numbers, addresses, and SIM card data. It also contained personal data from some medical associations and a jobs portal, the Times report noted.

It’s crazy to think that this amount of data could wind up for free on the dark web three years after a breach and the organization breached has no idea it ever happened. The mean time to detect is still entirely too long.

This leak could be used from everything from phone cloning to more nefarious activities.  

The leak not only puts individuals at risk but also could be used to harm organizations. An attacker could use this data to spoof the mobile device of your CEO or CFO and send you a text message telling you to complete a wire transfer. Any intelligence agency would be more then happy to have access to this much data on mobile users.

Organizations have to ensure they know where their valuable data is and ensure they have controls in place to not only detect the breach but also detect if the data hits the dark web.

This organization had multiple chances along the way to detect the breach, the exfiltration of data and the subsequent posting of the data on the dark web. It’s also quite possible that based on “weird” activities reported from users they may have been able to figure it out. We remain marginally better than 20 years ago in detecting breach activity. We have to get better on this and we have to get better now.

The post Malaysian Data Breach Leaves Stolen Data Online for a ‘Long Time’ appeared first on Carbon Black.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
Promoted Content
15-Day Free Trial of NGAV + EDR in the Cloud
Compare Cb Defense to your current solution using real world scenarios, and see how operations transform across your security and IT teams. After you’ve finished the trial, you’ll have everything you need to build a business case and make the switch.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?