Malaysian data breach sees 46 million phone numbers leaked Published duration 31 October 2017

image copyright Getty Images image caption Malaysia's communication watchdog is investigating a huge data breach affecting 46 million mobile subscribers

A massive data breach has seen the customer data of more than 46 million mobile subscribers in Malaysia leaked on to the dark web.

The leaked information includes mobile numbers, unique phone serial numbers, as well as home addresses.

Personal information from multiple Malaysian public sector and commercial websites was also stolen.

The Malaysian Communications and Multimedia Commission (MCMC) is now investigating.

The data breach was first discovered by Malaysian technology news website Lowyat.net

The website was informed that someone was trying to sell huge databases of personal details for an undisclosed amount of Bitcoin on its forums.

Stolen data

The individual was trying to sell a huge amount of private customer information from at least 12 Malaysian mobile operators:

Maxis

DiGi

Altel

Celcom

Enabling Asia

Friendimobile

MerchantTradeAsia

PLDT

RedTone

TuneTalk

Umobile

XOX

A huge amount of personal data was also stolen from Jobstreet.com and the:

Malaysian Medical Council

Malaysian Medical Association

Academy of Medicine Malaysia

Malaysian Housing Loan Applications

Malaysian Dental Association

National Specialist Register of Malaysia

Lowyat.net says it reported the incident to Malaysia's communications watchdog on 18 October, and that the MCMC initially made the website take its story down.

However, the MCMC confirmed the data breach a day later in a press statement released on Facebook , and then on Monday confirmed that 46.2 million mobile subscribers were affected by the data breach.

Entire country affected

It is believed that the entire country - Malaysia has a population of 32 million - might have been affected by the breach, as well as foreigners who were on temporary pre-paid mobile phone numbers.

Under Malaysian law, service providers are required to keep customers' personal data secure, so there will probably be legal repercussions.

Dr Mazlan Ismail, the chief operating officer of the MCMC, told the Malay Mail Online that it had met with all of the country's telecommunications companies to work out how the data breach had occurred.

"This is to ensure that they understand what is happening now, especially when the police, through the Commercial Crime Investigation Department, visit them to investigate," said Dr Ismail.