46.2 million mobile numbers have appeared online following a data breach that affected several Malaysian telecommunication companies.

The incident involves 15 Malaysian telcos and mobile virtual network operators (MVNO). Included in the leak are customers’ mobile numbers along with their personal and device information. Of note, those exposed details contain customers’ IMEI and IMSI numbers that can help identify a device based on its SIM card.

A screenshot of one of the affected telco’s customer database. (Source: Lowyat.net)

Malaysian Internet forum and technology magazine website Lowyat.net first learned of the breach in mid-October 2017 when it received a tip that someone was attempting to sell several large databases of personal information on its forums. It subsequently decided to review the databases. This analysis revealed the telco customer database along with three databases belonging to the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA), and the Malaysian Dental Association (MDA).

Lowyat.net notified the Malaysian Communications And Multimedia Commission (MCMC) at the time of publication. A day later, the MCMC requested that the technology magazine website take down the original article. But a day after that on 20 October, the Commission published a statement on Facebook confirming an ongoing investigation into a data breach involving several telcos. Lowyat.nets original reappeared that same day.

In a subsequent post, Lowyat.net reveals the breach likely occurred back in May and July 2014. It’s therefore difficult to determine how long the data has been available for sale on the web or how long the hackers maintained access to the affected companies’ systems. Those responsible for the attack might have spent years gathering all that information.

Dr. Mazlan Ismail, the chief operating officer of the MCMC, said the Commission is currently working with all Malaysian telecommunication (Read more...)