Mystery email account may shed light on data breach involving 46m Malaysian mobile phone usersNovember 27, 2017 @ 6:00PM
By HANI SHAMIRA SHAHRUDIN
KUALA LUMPUR: Police are tracking down the owner of an e-mail account as part of an investigation into a massive online breach of information involving over 46 million mobile phone subscribers in Malaysia.
Investigators have zeroed in on an e-mail account which they believe could shed light on the investigation. However, Inspector-General of Police Tan Sri Mohamad Fuzi Harun said the owner of the account has yet to be found.
Fuzi did not elaborate on how the email was connected to the investigation or what it was being used for.
“It is still under investigation,” he said.
Earlier today, an online news portal reported that after analysing the data from the breach, it concluded that the data might have been destined for the Malaysian Communication and Multimedia Commission's (MCMC) Public Cellular Blocking Service (PCBS) system.
Upon analysing the data, the portal claimed it uncovered details of how the breach specific to the telecommunication companies (telco) data may have occurred, as they found several file names of the leaked telco data containing either the word PCBS, MCMC or SKMM. It said file names from at least six telcos had used these references.
SKMM is also an abbreviation for the MCMC.
The PCBS was an initiative by the MCMC to provide a service to deactivate mobile phones when they are reported stolen. It was launched in 2014.
Following the launch, the Malaysian Central Equipment Identity Register (MCEIR) was created, which is a database of International Mobile Equipment Identity (IMEI) numbers, a unique serial number to identify every mobile phone in the country.
The PCBS however was not managed by MCMC but outsourced to a private firm.
The portal had reported that police were investigating the firm over the data leak.
Fuzi had said investigators were working with telco companies to pinpoint the source of the leak, but the motive has yet to be established.
The data breach was first reported last month by public online forum Lowyat.net, which said it had received information that someone was trying to sell huge databases of personal information.
The databases comprised mobile phone numbers, identification card numbers, home addresses, IMEI and SIM card data of 46.2 million customers of at least 12 Malaysian mobile phone operators.
The databases are also believed to contain private information of more than 80,000 individuals, leaked from records of the Malaysian Medical Council, the Malaysian Medical Association, and the Malaysian Dental Association, Lowyat.net reportedly said.