KUALA LUMPUR – A netizen has raised the alarm over what may be the biggest leak of the personal info of millions of Malaysians.
In a Twitter thread, “Cyber Guardian”, who goes by the handle @Radz1112, claimed that a tool called Open Systems Intelligence (OSINT) was used to gain unauthorised access to the National Registration Department (JPN) database.
What makes it all the more worrying is that OSINT is readily available on the publicly accessible Internet (‘clearnet’), allowing virtually anyone to gain access to personal data.
Men in blue not spared either
“Cyber Guardian” went on to reveal that one could also find out whether an individual was working in the army or police with a simple Internet search, where their name, IC, and even home state would be shown.
All you need is someone’s name and maybe birth year, and you can verify that they’re working for the Malaysian police and/or military.
This is such an operational security sh*t show. Our national defense just got f***ed.
“Cyber Guardian” also went on to claim that Malaysians’ MySejahtera information could be retrieved using the OSINT tool but added that one has to pay to gain access.
In light of the alleged breach, “Cyber Guardian” advised Malaysians to remove the following information from their social media accounts to protect their personal data from being stolen: their real name, real date of birth, home state and photos of their license plate.
We cannot and should not stop advocating for better national cyber security. Just because we are ‘doxxable’ from being born before 2004, it does not mean our kids should have to suffer the same fate.
Concerned but unsurprised
While the claims have yet to be verified, they later caught the attention of DAP Social Media Bureau chairman Syahredzan Johan, who called upon the government to take action.
“The authorities MUST take this matter seriously. Clearly there is a previous data leak(s?) since this information is in the open already,” he wrote in a tweet.
However, the news did not come as a shock to cyber security expert Fong Choong Fook, who told the New Straits Times that public data has been “widely available”.
Nothing is surprising. The difference is that this author (the Twitter user) claimed that the tools are available on ‘clearnet’ which is on the public Internet, searchable via Google (search engine).
“However, if someone lodged a complaint, it [OSINT] could be easily taken down,” he said.
Fong also said that the government has to be transparent in investigating data breaches, as this would help members of the public protect themselves.
“After having suffered so many rounds of data leaks, the government has never even announced what kind of leaks, what have they done in terms of forensic investigation, the people involved and what are the root causes.
“We have no transparency over these kinds of issues,” he said.
Cover image via Bernama & PNC Insights