Update: The website went into maintenance mode before being taken down around 6pm.
PETALING JAYA: Through a series of data leaks, Malaysians’ personal information has been sold on the darknet in the past. However, a website would now sell the data on the publicly available internet, or clearnet, collating information on multiple breaches.
The website, highlighted by Twitter user @Radz1112 or “Cyber Guardian”, allows a person to be searched by details such as name, address, phone number, MyKad or military ID or date of birth.
Searching for a person by MyKad ID, for example, will reveal the person’s full name, date of birth, gender and address, he said.
However, more detailed information, including MySejahtera vaccination information, loans, and credit card applications, is hidden behind a paywall.
“OSINT (open source intelligence) tools are common and they show easily accessible information like a person’s social media, but this is one of the few cases where I see country-specific database leaks. compiled in one place,” Radzi1112 said.
He said the website is easily found through a Google search and has the potential to put the data into the hands of many other bad actors who could exploit it for financial or other nefarious purposes.
Radz1112, who claims to be interested in cybersecurity and other disciplines such as criminology, discovered the website while searching for local OSINT tools.
“Since some of the information is paid for, you can still do harm if you have access to the right information,” he said.
He urged users to take steps to protect themselves, including removing personal data – real name, date of birth, license plate and place/date of birth – from social media platforms.
LGMS Berhad chairman and cybersecurity consultant Fong Choong Fook said personal data is usually sold on the dark web, which guarantees anonymity and requires access to specific software. It cannot, for example, be accessed using a Chrome browser.
He added that since these data are published on clearnet, they can be easily removed by authorities once they become aware of them.
Fong, however, is not surprised that personal data is now being sold on clearweb as there have been a series of data leaks in the country, and he felt it had to happen.
The government, he said, has yet to take action or announce the outcome of investigations into alleged data breaches involving its agencies.
“They should be more transparent and announce the outcome of their investigations to the public.
“What did they find?” How did they conduct it? They should share who was involved and what the root cause was so we can take precautions to protect ourselves,” he said.