Data breach of Malaysian Government website

by

Malaysian government’s data has been dumped on one of the dark web sites. Leakbase has confirmed that it has access to over 1 million user records from a Malaysian government website.

We look at the details of this data breach below.

Key points about the Malaysian Government data breach incident

  • Hacker claims that he has access to over 1 million user records from Malaysian Government websites.
  • User data that has been compromised includes user details such as User id, User name, Address, Email address etc.
  • The hacker claims that the data breach involves access to 9 MySQL databases. These databases contain user records.
  • The database names that have been hacked are listed below for ready reference.
  • The data was dumped on one of the dark web forums on 9th February 2023.
  • The data breach was first reported on 18th January 2023. Presumably, the actual breach may have taken earlier.
  • Some Malaysian correspondents have stated that the date breach affects the province of Penang. In other words, the user details that have been compromised are from the province of Penang in Malaysia.

There has been no official confirmation of the data breach by the Penang Government representatives.

Data breach of Penang Government website

The databases that have been hacked include the following MySQL database files:

  • smartplan.penang.gov.my.sql
  • iyers.gov.my.sql
  • digitalimaging.com.gov.my.sql
  • idrecktori.penang.gov.my.sql
  • muftiwp.gov.my.sql
  • ukas.gov.my.sql
  • audit.gov.my.sql
  • apad.gov.my.sql
  • intranet.st.gov.my.sql

Malaysian Government websites have had an ignominious record against hackers. There have been data breaches in the past as well.

Meanwhile, the Penang state executive councilor Zairil Khir Johari has stated that the database is outdated. He also confirmed that “The state secretary’s office that runs the website has been instructed to carry out an assessment of vulnerability to prevent future breaches.”

In any case, a full-scale audit of the Government websites should be conducted to gauge the impact of this data breach. A data breach involving citizens’ data poses serious risks to the users in terms of identity theft.

In most cases, it has been found that third-party agencies manage some Government websites. Lax security protocols and poor vulnerability scanning and remediation lead to easy data breaches.

On a similar note, poor database security practices cause easy loopholes within the system. These loopholes get exploited by amateur and semi-professional hackers easily.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.