UPDATE: SayaKenaHack.com will no longer be operational on Sunday. More details below.
A few weeks ago, Lowyat.net reported that the personal data for millions of Malaysians had been released as part of a huge telco data breach. Now the only place we can check if our data has been compromised is now blocked by MCMC.
The data breach checking site, sayakenahack.com was created by tech blogger Keith Rozario, who made it possible for anyone to check if they were, in fact, part of the breach by inputting their IC number. Over 46.2 million phone numbers were exposed, and this includes addresses, SIM and IC numbers as well as IMEI and IMSI numbers, absolutely nothing to shake a stick at. Some users even reported that they had phone numbers registered to their myKads which they weren’t aware of.
Now, due to a recent block by the MCMC, the said site is no longer accessible, very likely due to concerns that the information there could be misused.
Rozario, in an attempt to still make the site available, made an alternative checking site, but it doesn’t seem to be properly functional. The site only allows you to check if your IC is in the database of information leaked, but does not give any other information like names and addresses, to safeguard those who lost their data. If you’re affected, the site will show where your data was harvested from, and what data is exposed without revealing your full mobile number. It is worth noting that the information breached was collected from 2014.
However, you should still be able to access the original site if you have Google DNS enabled on your computer, and if you don’t, you can follow these steps (or these, if you’re on Windows 10) to get it enabled.
So what if your data has been involved in the breach? Sadly there isn’t all that much you can do at the moment but MCMC already has an investigation underway.
To curb any abuse of information for new SIM registration, MCMC has already introduced new guidelines for new prepaid registration and top-ups. The changes are expected to take effect starting 1 January 2018 so we can expect much stricter protocols from then on out.
UPDATE: MCMC has issued a statement that the site has been blocked under the Malaysia Private Data Protection Act 2010.
UPDATE 2: Keith Rozario, the man behind SayaKenaHack.com will disable the site’s database at midnight on Sunday (19 November). So you have just a few days left to check if you’re information has been compromised. He has also shared his thoughts on the data breach as well as MCMC’s handling of the situation. You can read his latest post here.