Posted by - News Worthy -
on - November 14, 2022 -
Filed in - Impacts -
malaysia personal data photos Over 800 000 Malaysians' personal data with photos allegedly stolen from MySPR site being sold for about RM9 000 -
124 Views - 0 Comments - 0 Likes - 0 Reviews
The MySPR Daftar website, launched back in 2019, allowed Malaysians to register as voters online. — KAMARUL ARIFFIN/The Star
PETALING JAYA: The personal data of over 800,000 Malaysians, allegedly syphoned from the MySPR Daftar website, is being sold on an online forum for US$2,000 (RM9,240), to be paid in bitcoin or monero cryptocurrency.
The seller claimed that the database contains the info of 802,259 users, including selfies and MyKad photos that were provided for online voting registration on the MySPR Daftar website through the electronic Know Your Customer (eKYC) system.
The database is alleged to contain over 1.6 million photos, with a file size of 67GB.
According to the uploader, the database also contains the full names, MyKad numbers, email addresses, hashed passwords, phone numbers, birth dates and addresses of voters
Though the post was first made back on April 11, its existence was highlighted by Twitter user @acaiijawe https://twitter.com/acaiijawe/status/1590269859270889473
In another post, the uploader is selling the personal data belonging to 22.5 million Malaysians born between 1940 and 2004, allegedly https://www.thestar.com.my/tech/technews/2022/05/18/data-of-malaysians-born-between-1940- and-2004-allegedly-being-sold-for-over-rm40000 obtained from the My Identity API.
As of the time of reporting, both threads made by the uploader are still up on the forum.
MORE THAN 5,600 WORK CHANCES CREATED AT... https://www.thestar.com.my/news/nation/ 2022/11/07/more-than-5600-work-chancescreated-at-perkeso-job-fair
The MySPR Daftar website, launched back in 2019, allowed Malaysians to register as voters online, though with the shift to automatic registration this year, the MySPR system now only functions for changing voting addresses and the application for postal voting for those overseas and other eligible individuals.
The Department of Personal Data Protection declined to comment, saying that the Personal Data Protection Act 2010 (Act 709) doesn't apply to state and federal government bodies, and that the Act served to regulate the processing of personal information in commercial transactions.
CyberSecurity Malaysia (CSM) said it’s still waiting for a response from its tech team, while the Malaysian Communications and Multimedia Commission (MCMC) has yet to respond.