The Daily Swig Web security digest

Malaysian telco breach results in leak of 46.2m mobile numbers

James Walker | 30 October 2017 at 15:00

Attack dating back to 2014 thought to affect entire country.

The personal information of millions of Malaysians is thought to have been compromised, as reports surface of a massive data breach impacting the country’s telecommunications sector.

Following an initial report earlier this month, Malaysian tech journal Lowyat.net has confirmed that roughly 46.2 million cellphone numbers from at least 12 of the country’s leading telcos have been leaked online.

According to Lowyat, the leak includes mobile numbers, customer details, addresses, and SIM card information. Timestamps on the files indicate the data was last updated in mid-2014.

After being alerted to the illicit actor who was attempting to sell huge databases of personal details on the darknet, Lowyat said it informed the Malaysian Communications and Multimedia Commission.

The telecoms regulator subsequently issued a statement on Facebook, informing the country’s residents that it was investigating the matter:

Malaysia has a population of 32 million, and it is believed that the entire country might have been affected by the breach.

While the leaked data alone – which includes unique IMEI and IMSI numbers – is not sufficient to clone SIM cards, Lowyat said it was urging the telcos to replace the SIM cards of all affected users.