On the 19th of October, Lowyat.net reported that a user was selling the personal data of MILLIONS of Malaysians on their forum. Shortly after, the article was taken down on the request of the MCMC, only to put up again, a couple of days later.
Lowyat later reported that a total of 46.2 Million phone numbers were exposed, and the data included IC numbers, Addresses, IMSI, IMEI and SIM numbers as well. In short, a lot of data from a lot of people.
So Malaysia joined the ranks of The Phillipines, Turkey and South Africa to have data on their entire population leaked on the internet. [Spoiler alert: This is not a good thing]
Where can I check?
You can head over to a site I created: sayakenahack.com to check if you’re part of the breach. So far I’ve loaded data from Maxis, Digi, Celcom and UMobile onto the site. I’ll be adding the smaller telcos later this week (stay tuned).
Medical council, etc…I’m still debating whether I should put that in. Maybe some doctors don’t want to be identified as doctors, so that data stays out for now.
Waah… That means you downloaded illegal data?
Technically yes, the data might be illegal. But any geek can find it online, it’s a google search away.
I’m just making the data available to the ‘normals’, people who don’t look around in hacker forums.
Plus all data is masked, so only the first 4 and last 2 digits of the phone number is available. Which is almost as good as the masking of credit card numbers on your printed receipts.
I also don’t publish any names or addresses. If you’re unhappy with this, you should be unhappy with the Election Commission website that publishes your name in FULL on their website upon entering just an IC number. Similar to PTPTN etc.
Did you pay for the Data?
No. Contrary to what’s being reported the data is available for FREE online. Even the ‘hacker’ who was selling it on Lowyat was basically a re-seller.
I did not pay for the data, I would never validate the business case of reselling stolen data.
If I search for my IC, will you log my data?
No.
In technical terms, I’ve switched of logging for my API Gateway, CloudFront & Lambda.
If I wanted your data — I wouldn’t need you to search for you. I already have it.
OMG I’m breached !!! What can I do?
Unfortunately, there’s little you can do.
Your IC number is a permanent fixture of your life –and can’t be changed. This is bad design, but it’s the design we have at the moment.
If you lose your Phone Number, Credit Card details or E-mail address, you’d still have some form of mitigating the damage. But if someone gets your IC number, you can’t go to the NRD and get them to issue you a new one.
To be fair IC numbers (in their modern form) are at least 25 years old, so I’m not blaming anyone — but the reality is that we should either stop using IC numbers so extensively , or find some way to make them mutable. Not and easy task, but until that happens the damage of this leak will continue… in perpetuity.
Now onto the good news!
The leak is from 2014, so the chances of you having the same phone is minuscule. I know of only one person whose phone is older than 3 years old, everybody else has changed their phone. So IMEI numbers (which are tied to your phones) from 2014 are pretty useless.
IMSI and SIM are almost the same as well. Over the past 3 years, I’m almost certain a large percentage of the victims (50-80%) would have their sim cards swapped — primarily from buying a new phone that required a micro or nano sim or from porting telcos, or just losing their phones.
What’s not so good is the fact that most people still keep their Name, Address and Phone Number. So those are the top 3 (4 if you count IC Numbers) data elements in the breach, and unfortunately their almost all there.
Where did the data come from?
Well……
The breach includes not just Telco data but Jobstreet and various other sources as well. Let’s just focus on Telco because that’s the big one.
There’s only 2 possibilities on where the telco data came from:
- Someone hacked into individuals telcos and took it; or
- Someone hacked a central source with all the data
Now, consider that all Telco’s are in this breach — including Altel, PLDT, Redtone, etc. Which self-respecting hacker, with the skills to hack Maxis, Digi and Celcom, is going to waste time on Altel? Really?!
Consider also, that if you downloaded the data, (which I obviously have), it’s clear as day where the leak came from. It’s so clear, Stevie Wonder can see where the data was leaked from.
I’m hoping over the next few days somebody somewhere will make an announcement.
In the mean-time stay safe Malaysia.
End notes and Special Thanks
Thanks to Bin Hong for alerting me that I had a few logs on the GitHub repository. I’ve torn down the old repo and created a new one.
Thanks to Ang YC for letting me know I gave too much info to folks.
Thanks to **rax***n for sharing the data on the *ahem* site.
Thanks to Ridhwan Daud for correcting my API spelling. (it’s case sensitive).
All data available on sayakenahack.com is available somewhere on the web. I’m just making sure that it’s not just geeks/hackers who have this data, but the average citizen can also be informed if they’re part of the leak.
I’m especially proud of the architecture underlying sayakenahack. It’s completely serverless, and I’ll make a post about it soon. But learning DynamoDB and about a gazillion AWS services to deploy this was both fun and tiring.
For now, you can build your own version of sayakenahack with the data, by using the api at:
I’ve changed the API many times. I promised this version is stable for the next 3 months.
The api is CORS enabled, so you can call it with javascript on your browser. There’s only one endpoint for now, I’ll documenting the API and will publish some documentation soon.
I spent a good 40+ hours building all of this, the code is mostly available on my GIT repository. Couple of elements aren’t there (lambda function to query DynamoDB) — but I’ll upload that when time permits.
What assurance do I have that this isn’t just another way for someone, perhaps even you, to steal my data? As it is, I’ve been getting phone calls from weird numbers
you don’t have any. But I would point you to my other work, including this blog, my BFM interviews etc.
I do this kinda thing regularly. But you’re right, I can’t convince you 100% that I’m not a scammer. That’s just a risk you’re going to have to accept when you type your IC into the portal.
Keith
Why do I find this reply as sarcasm? Hahahaha love ur response though~
You must be a genius man to know these stuff. Anyway thanks. ?
Agreed lol
Keith is pretty well known among certain circles. It’s not as if he’s anonymous or anything.
I have checked using my ic, the phone number listed is correct therefore this is legit site.Like he says he already have my ic # and phone # therefore ni need for soliciting it
I kena de. Should change my number very soon
Thanks for this! I found you when I was trying to ‘hack’ into my tm unifi router. Hehe. You provide excellent information and easy to understand too. You inspire me to delve into coding more now. Thanks again! Cheers
Thanks. Very Informative. love you
changing to a new number won’t stop the hacking in the future
Hi keith, can i see my full phone number after i proceed with my ic ? Because there is a phone number on my ic that i never registered before
Make a report on the unknown number
It’s dangerous not to change number?I told my mother to do so but she’s so stubborn
Does the API work as of now? I tried doing a GET request with something like
https://api.sayakenahack.com/v1/breach?icnum=************ (with each * representing a digit)
but wasn’t able to get anything out of it.
My mistake — should be https://api.sayakenahack.com/v1/breach?icNum=****
the N is icNum is capital :(.
In anycase, I’ll be publishing a new api, I recommend using https://sayakenahack.com/api/v1/breach?icNum=12345
Can you introduce a safe way to reverse lookup spammer? That might reduce possiblity of spammer coming from local number and most people can safely ignore weird international number.
Bro, do your website collect and save the IC numbers when I input it in to check whether I have been pwned or not.
No. No logs…..whatsoever.
Do please read again and ya it’s safe
Bro a simple question…what must I do if I’m in the breached list…
Yes, want to know also
kalau kita amik data curi, and simpan. salah tak?
Keeping the data or sharing it with others is illegal and you may be prosecuted in court of law.
Exactly which sub-section of which law are you referring to?
LMFAO
Personal Data Protection Act, FYI.
Illegal to keep it. Since you admit that you have it, you could be in trouble.
SayaKenaHack.com
Check if your IC Number that has been compromised in the telco breach
IC Number (no dashes or spaces)*
000000000000
CHECK
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following phone numbers:
Telco: Celcom
Number: 013*****33
Telco: Celcom
Number: 013*****37
Telco: Celcom
Number: 013*****43
Telco: Celcom
Number: 013*****50
Telco: Celcom
Number: 013*****54
Telco: Celcom
Number: 013*****63
Telco: Celcom
Number: 013*****94
Telco: Celcom
Number: 014*****20
Telco: Celcom
Number: 014*****23
Telco: Celcom
Number: 019*****01
Maybe the telco registrator (agent) get so lazy af, and just put 000000000000 for registration
My phone no is tied to my wife’s no. So whats so significant? What can she do to me??
https://api.sayakenahack.com/v1/breach?icnum= got typo . should be icNum
Thanks bro. Will correct it soon.
Fake
cmne boleh kua sume detail ni… tp ade jgk no yg xklua
Thanks Keith. Good info to know.
With respect to the info on doctors, perhaps at least put a message saying something like “If you are a doctor or registered with the Malaysian Medical Association since so-and-so date, the following data from the MMA is also in the leak: MMA registration number, etc, etc”. That way, those who need to know that their data is at risk will know, and those who don’t want to be identified as medical professionals wouldn’t be identified by someone entering their IC number.
At least CIMB rectified and alerted users.
Cimb has confirmed that no personal information or password or safety pin was leaked in the tapes. At least we don’t have to worry now
cun bro article mantap!!.. bru2 nie cimb plak yg kena, tp yg paling x risau tuu diorng kata tape yg diorng backup tu xde kata laluan ngan benda yg penting so ok lah.. sbr je la ye
Thanks Keith for sharing and making the database access user-friendly for us regular Joes. With the recent issues on data leaks on both this massive personal particulars leak from those aforementioned companies in the article, and the CIMB Bank data tapes theft, we are now entering dangerous waters right here in Malaysia. Let’s hope that all large corporations can better secure their data and take pre-emptive steps to prevent any thefts or hacks from happening. I understand that there’s no foolproof method, but it is what we do from here on that matters. Speaking of which, being upfront and giving clarity on such situations are vital to the public eye. CIMB’s move to create a special FAQ section on their site for the stolen tapes incident – is something exemplary that not many companies would do. And let’s hope the aforementioned companies in the hack mentioned in the article can be just as honest as CIMB.
Hi Keith,
I’ve checked mine. The results as below:
Data exposed: IC Number, Mobile Number, Name, Billing Address, IMSI, IMEI, SIM Number, Phone Number
Could you please define “Phone Number” terminology? Does it mean all phone records in that sim?
can i just ask the telco to terminate the phone number registered under my IC but doesnt belong to me?
Anyone can answer this? I will be going to my telco to find out soon
Hi Keith,
1st off, thx for the work and this site.
My results show I’ve been pwnd, but I also notice that the numbers could be the numbers that I’m already having with Mxs. 1 main line & 3 supplementary lines.
Is this also possible??
The message is ‘You have been pwned and IC is in the breach and tied to the following account’ which are our accounts. What does it means?
Uh… it’s self explanatory?
Uh… it’s self explanatory?
What if this is just a ploy to get MORE data? I mean, even if the author states his actions/intentions to be genuine, this site is and will be collecting and storing your data you so willingly provide. Think twice, the aforementioned ‘leak’ was in 2014, 3 years ago. Unless your life has been clearly affected by this, there is no reason why you would enter your personal ID number into a website that is so poorly titled, that seems to be a scam itself.
The number is my other mobile number, so it is not hacked.
your mother number, but register under your name? or it was used to register something else with your IC and your mother phone number?
Continue from above question. It Indicates data exposed in IC etc but under our own account. Does it means no exposure to others?
Hi, can i go to telco provider and make them delete/ban the number that were registered under my name? What is your advise on this?
Thanks in advance.
So, what our next step should do if our info being breeched?
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following Accounts.
Data is from 2014 and only the registered owner of the account is affected.
Telco: Celcom
Number: 013*****22
Data exposed: IC Number, Mobile Number, Address
Telco: Celcom
Number: 019*****02
Data exposed: IC Number, Mobile Number, Address
Telco: Celcom
Number: 019*****74
Data exposed: IC Number, Mobile Number, Address
Telco: Celcom
Number: n.a
Data exposed: IC Number, Address
Can I get the phone number details?
Thanks for your side n I found my numbers. Thank God, both r mine. Upsetting is my info is breached. Tqs again.
Keith, pls contact me bia email
Sure, what’s your email. My is on the contact form of the blog.
Sure, what’s your email. Mine is on the contact form. Sorry can’t login now, on the phone at work 🙂
Thanks Keith
Hi I keyed in my ic and it was loading and loading, waited 5 mins and still loading…. Does it take a long time to load for result?
Thanks for the info bro. My numbers were breached as well. Digi and Celcom. But what can we do except to sit and hope nothings happens. Cheers mate.
Hi Keith, not sure I understand this outcome as below correctly. Could you eloborate to be further and what should I do next?
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following Accounts.
Data is from 2014 and only the registered owner of the account is affected.
Telco: Maxis Postpaid
Number: 6012*****62
Data exposed: IC Number, Mobile Number, Name, Billing Address, IMSI, IMEI, SIM Number
Appreciate your prompt reply.
Thanks.
I will Keith to explain as he might be very busy and swamped at the moment, with other things.
Basically, your IC number, mobile number, your real full name, billing address where you register your phone address as, IMSI (which is the unique number associated with you on your cellular network which identifies you!), IMEI (which is the unique number associated with your device which identifies your specific device), and your SIM number (which is your specific unique SIM number), has all been breached and leaked and is being sold. So, it’s everything about you and your mobile.
My info is breached! I didn’t know from this website though. I wanted to port in my digi to maxis but i couldn’t because my ic was breached. Now blacklisted by U Mobile. Same IC Number, different name and address. The sad thing is U Mobile is not really helpful. Treating me like a genuine blacklister. Issue still not resolved until now.
Hi, i knew someone hacked my hp maxis info and took my frequent call contact from the details. How to know who actually hacked my hp call in and out details?
Consider also, that if you downloaded the data, (which I obviously have), it’s clear as day where the leak came from. It’s so clear, Stevie Wonder can see where the data was leaked from….. lol at least some humour to lighten this up ??
Bro you’re site is down ka because “The connection has timed out”? Or too many people.
Yeah. I can’t log as well.
Keep showing time out. But my friends could earlier. Around 12ish pm today.
Hi Keith,
I checked mine and there is a mobile number that registered using my IC but does not belong to me. I called the telco per say (DIGI) and they said they can’t find any number registered under my IC and told me that even though the number starts from 016, that doesn’t mean its under DIGI as number porting is very common nowadays. I then proceed to call MCMC and the lady says if you can get the full complete number then she can help to log a case.
So now the question is
a) Does this mean i need to call all telco to check?
b) Can i get the full number ? because sayakenahack website only shows the format of 6016-*****12.
What if this is just a ploy to get MORE data? I mean, even if the author states his actions/intentions to be genuine, this site is and will be collecting and storing your data you so willingly provide. Think twice, the aforementioned ‘leak’ was in 2014, 3 years ago. Unless your life has been clearly affected by this, there is no reason why you would enter your personal ID number into a website that is so poorly titled, that seems to be a scam itself.
marry me. i need to learn this shit.
p.s. im a dude if you dont mind. and no im not gay. just need to tie you down.
ew I’m feeling gross just reading at ur comment
I jusy checked and found that i’n breached. How do i go about this now? Can i lodge report to mcmc ?
What troubles me is that none of these big corps had the decency to apologise for this breach on their customer’s data. If this had happened in the US or UK believe me telcos would be scrambling to rectify this publicly to avoid getting their pants sued. Sadly, some of this is due to ignorance and the tidak-apa attitude of Malaysians.
My family personal details also kena leaked out by Dxxi. They both use Dxxi provider at that time. So what can we do?
Site been blocked
I have check in your website using my ic number. it should that i have not been pwnd. I am so lucky.
how to unbridged leh
Unable to access https://sayakenahack.com/ from a standard browser, VPN or tor works. Why would they blocked it?
what action we can do to those company who leak our info?
Thanks for using the HTTPS on SayaKenaHack.com – At least you’re concern about information being passed through. Cheers!
I hv just change my phone early this year and iam affected. Few friends of mine also hd their data stolen but when they entered their i/c..it came out their old numbers that not being use anymore. How is that so?
Your site has been blocked by the local assholes, but with a PVN it can still be accessed.
I t0ld y0u n00b … 🙂
Did the MCMC looking for you? like somebody in Agency looking for me til now still not reach yet..hahahaha
Site’s blocked. As of 8.30pm 16 November.
I can think of one organization that would have all that information in one place. The same one that blocked the site?????
tq very much.. now i know my wife got 5 other number not belong to him. may god bless u.
Can I like… sue my telco company? This should be fun
Use vpn
Thank you Mr.Keith . I can access Sayakenahack.com
Thank you Keith for exposing the vulnerability of our information from telcos otherwise we will be thinking the hack is through our mobile phones. Malaysia apa pun boleh..?
Hacking individual mobile phone are nearly impossible. Think about the amount of the data leaked, and think again…. how much time need to use to hack and get all those data without being detected by those system and network administrator who working day & night trying to protect their system?
https://www.thestar.com.my/news/nation/2017/11/16/mcmc-blocks-sayakenahackcom/
kerajaan malaysia memang bodoh! menteri sakit jiwa!
kenapa kerajaan nak block website ni?
so u are saying it was hacked from a central source.. i wonder who owns all the data.
decades of not implementing meritocracy has caused mediocrity to creep up everywhere, including safeguarding the people’s interest.
Ah well, it is the people who are not demanding enough of meritocracy the first place.
meanwhile, great brains like Keith, even though I don’t think it’s hard to set up the website once you have the data, has rightfully decided not to live in Malaysia no more. Too bad Malaysia.
The hackers will enjoy the data for now (actually, regular IT grads with some capability also can)
Was the source of the data obtained from within Malaysia, or from outside of it? In other words, a Malaysian hacker, or a foreign one?
Just curious.
I wonder if you could hack into this website which still shows IC of winners of some contest in 2008. Couldnt get them and ask them to pull it down. Not sure if they are dumb or something.
I have checked in your website and the below found :
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following Accounts.
Data is from 2014 and only the registered owner of the account is affected.
Telco: Digi Postpaid
Number: 6016*****63
Data exposed: IC Number, Mobile Number, Name, Billing Address, IMSI, IMEI, SIM Number
So, what I must do now? Please advise. TQ!
The “LEAK DATA” on my IC is total bullshit. it just taken from an old old old old old data. stupid hijack anyways.
it is mentioned in the article that the data records were leaked in 2014. so if you have new numbers which were registered after 2014, you’re (perhaps) safe.
how big? mean gigabyte is this data?
should not block / shut down the website sebab dah ada disclaimer kot!!
the check function is pretty good though, sebab in case I key in my ic number, tapi keluar pulak nombor telepon orang lain. that means my ic number was used to register nombor telefon orang lain. criminal perhaps?!
without access to this function how can we know about it? call all telco hotline one by one and check? duh
Any new website. Could not make it last sunday. i just knew today
i need this page for finding phone number..any new site same as this?
Sorry man. I’ve shut it down.
thank you for your hard work keith, may god bless you.. ✌️
Fix it can’t open
Listened to your BFM interview and went straight to your site. you’re a good lad. let’s shake hands..
Shake
Hi Keith, I need your help to find my 19 y.o daughter. I already make police report early may 2018 but until now there’s no answer from the police. Pls contact me
so bad,, the site is closed already… huhu… im so badly want to check my ic… or imei.. sudenly my phone blocked by MCMC, but i use prepaid, not postpaid.. huhuhuh.. btw to those dont trust any his services, easy saja.. dont use it… ndak paya kepo kepo…
Fix it can’t open
Listened to your BFM interview and went straight to your site. you’re a good lad. let’s shake hands..
Shake
Hi Keith, I need your help to find my 19 y.o daughter. I already make police report early may 2018 but until now there’s no answer from the police. Pls contact me
so bad,, the site is closed already… huhu… im so badly want to check my ic… or imei.. sudenly my phone blocked by MCMC, but i use prepaid, not postpaid.. huhuhuh.. btw to those dont trust any his services, easy saja.. dont use it… ndak paya kepo kepo…
thank you for your hard work keith, may god bless you.. ✌️
The “LEAK DATA” on my IC is total bullshit. it just taken from an old old old old old data. stupid hijack anyways.
it is mentioned in the article that the data records were leaked in 2014. so if you have new numbers which were registered after 2014, you’re (perhaps) safe.
should not block / shut down the website sebab dah ada disclaimer kot!!
the check function is pretty good though, sebab in case I key in my ic number, tapi keluar pulak nombor telepon orang lain. that means my ic number was used to register nombor telefon orang lain. criminal perhaps?!
without access to this function how can we know about it? call all telco hotline one by one and check? duh
how big? mean gigabyte is this data?
Any new website. Could not make it last sunday. i just knew today
i need this page for finding phone number..any new site same as this?
Sorry man. I’ve shut it down.
Hi keith, can i see my full phone number after i proceed with my ic ? Because there is a phone number on my ic that i never registered before
Make a report on the unknown number
Thanks. Very Informative. love you
changing to a new number won’t stop the hacking in the future
kalau kita amik data curi, and simpan. salah tak?
It’s dangerous not to change number?I told my mother to do so but she’s so stubborn
What assurance do I have that this isn’t just another way for someone, perhaps even you, to steal my data? As it is, I’ve been getting phone calls from weird numbers
Agreed lol
you don’t have any. But I would point you to my other work, including this blog, my BFM interviews etc.
I do this kinda thing regularly. But you’re right, I can’t convince you 100% that I’m not a scammer. That’s just a risk you’re going to have to accept when you type your IC into the portal.
Keith
You must be a genius man to know these stuff. Anyway thanks. ?
Why do I find this reply as sarcasm? Hahahaha love ur response though~
Keith is pretty well known among certain circles. It’s not as if he’s anonymous or anything.
I have checked using my ic, the phone number listed is correct therefore this is legit site.Like he says he already have my ic # and phone # therefore ni need for soliciting it
Thanks for this! I found you when I was trying to ‘hack’ into my tm unifi router. Hehe. You provide excellent information and easy to understand too. You inspire me to delve into coding more now. Thanks again! Cheers
Does the API work as of now? I tried doing a GET request with something like
https://api.sayakenahack.com/v1/breach?icnum=************ (with each * representing a digit)
but wasn’t able to get anything out of it.
My mistake — should be https://api.sayakenahack.com/v1/breach?icNum=****
the N is icNum is capital :(.
In anycase, I’ll be publishing a new api, I recommend using https://sayakenahack.com/api/v1/breach?icNum=12345
I kena de. Should change my number very soon
Fake
Bro a simple question…what must I do if I’m in the breached list…
Yes, want to know also
Keeping the data or sharing it with others is illegal and you may be prosecuted in court of law.
Exactly which sub-section of which law are you referring to?
LMFAO
Personal Data Protection Act, FYI.
Illegal to keep it. Since you admit that you have it, you could be in trouble.
Can you introduce a safe way to reverse lookup spammer? That might reduce possiblity of spammer coming from local number and most people can safely ignore weird international number.
Bro, do your website collect and save the IC numbers when I input it in to check whether I have been pwned or not.
No. No logs…..whatsoever.
Do please read again and ya it’s safe
https://api.sayakenahack.com/v1/breach?icnum= got typo . should be icNum
Thanks bro. Will correct it soon.
My phone no is tied to my wife’s no. So whats so significant? What can she do to me??
SayaKenaHack.com
Check if your IC Number that has been compromised in the telco breach
IC Number (no dashes or spaces)*
000000000000
CHECK
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following phone numbers:
Telco: Celcom
Number: 013*****33
Telco: Celcom
Number: 013*****37
Telco: Celcom
Number: 013*****43
Telco: Celcom
Number: 013*****50
Telco: Celcom
Number: 013*****54
Telco: Celcom
Number: 013*****63
Telco: Celcom
Number: 013*****94
Telco: Celcom
Number: 014*****20
Telco: Celcom
Number: 014*****23
Telco: Celcom
Number: 019*****01
Maybe the telco registrator (agent) get so lazy af, and just put 000000000000 for registration
Hi Keith,
1st off, thx for the work and this site.
My results show I’ve been pwnd, but I also notice that the numbers could be the numbers that I’m already having with Mxs. 1 main line & 3 supplementary lines.
Is this also possible??
Thanks Keith for sharing and making the database access user-friendly for us regular Joes. With the recent issues on data leaks on both this massive personal particulars leak from those aforementioned companies in the article, and the CIMB Bank data tapes theft, we are now entering dangerous waters right here in Malaysia. Let’s hope that all large corporations can better secure their data and take pre-emptive steps to prevent any thefts or hacks from happening. I understand that there’s no foolproof method, but it is what we do from here on that matters. Speaking of which, being upfront and giving clarity on such situations are vital to the public eye. CIMB’s move to create a special FAQ section on their site for the stolen tapes incident – is something exemplary that not many companies would do. And let’s hope the aforementioned companies in the hack mentioned in the article can be just as honest as CIMB.
cun bro article mantap!!.. bru2 nie cimb plak yg kena, tp yg paling x risau tuu diorng kata tape yg diorng backup tu xde kata laluan ngan benda yg penting so ok lah.. sbr je la ye
With respect to the info on doctors, perhaps at least put a message saying something like “If you are a doctor or registered with the Malaysian Medical Association since so-and-so date, the following data from the MMA is also in the leak: MMA registration number, etc, etc”. That way, those who need to know that their data is at risk will know, and those who don’t want to be identified as medical professionals wouldn’t be identified by someone entering their IC number.
Hi Keith,
I’ve checked mine. The results as below:
Data exposed: IC Number, Mobile Number, Name, Billing Address, IMSI, IMEI, SIM Number, Phone Number
Could you please define “Phone Number” terminology? Does it mean all phone records in that sim?
At least CIMB rectified and alerted users.
can i just ask the telco to terminate the phone number registered under my IC but doesnt belong to me?
Anyone can answer this? I will be going to my telco to find out soon
The message is ‘You have been pwned and IC is in the breach and tied to the following account’ which are our accounts. What does it means?
Uh… it’s self explanatory?
Uh… it’s self explanatory?
Hi, can i go to telco provider and make them delete/ban the number that were registered under my name? What is your advise on this?
Thanks in advance.
Cimb has confirmed that no personal information or password or safety pin was leaked in the tapes. At least we don’t have to worry now
cmne boleh kua sume detail ni… tp ade jgk no yg xklua
The number is my other mobile number, so it is not hacked.
your mother number, but register under your name? or it was used to register something else with your IC and your mother phone number?
Thanks Keith. Good info to know.
Continue from above question. It Indicates data exposed in IC etc but under our own account. Does it means no exposure to others?
Thanks Keith
Thanks for your side n I found my numbers. Thank God, both r mine. Upsetting is my info is breached. Tqs again.
So, what our next step should do if our info being breeched?
Hi I keyed in my ic and it was loading and loading, waited 5 mins and still loading…. Does it take a long time to load for result?
Keith, pls contact me bia email
Sure, what’s your email. My is on the contact form of the blog.
Sure, what’s your email. Mine is on the contact form. Sorry can’t login now, on the phone at work 🙂
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following Accounts.
Data is from 2014 and only the registered owner of the account is affected.
Telco: Celcom
Number: 013*****22
Data exposed: IC Number, Mobile Number, Address
Telco: Celcom
Number: 019*****02
Data exposed: IC Number, Mobile Number, Address
Telco: Celcom
Number: 019*****74
Data exposed: IC Number, Mobile Number, Address
Telco: Celcom
Number: n.a
Data exposed: IC Number, Address
Can I get the phone number details?
Hi, i knew someone hacked my hp maxis info and took my frequent call contact from the details. How to know who actually hacked my hp call in and out details?
Thanks for the info bro. My numbers were breached as well. Digi and Celcom. But what can we do except to sit and hope nothings happens. Cheers mate.
My info is breached! I didn’t know from this website though. I wanted to port in my digi to maxis but i couldn’t because my ic was breached. Now blacklisted by U Mobile. Same IC Number, different name and address. The sad thing is U Mobile is not really helpful. Treating me like a genuine blacklister. Issue still not resolved until now.
Hi Keith, not sure I understand this outcome as below correctly. Could you eloborate to be further and what should I do next?
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following Accounts.
Data is from 2014 and only the registered owner of the account is affected.
Telco: Maxis Postpaid
Number: 6012*****62
Data exposed: IC Number, Mobile Number, Name, Billing Address, IMSI, IMEI, SIM Number
Appreciate your prompt reply.
Thanks.
I will Keith to explain as he might be very busy and swamped at the moment, with other things.
Basically, your IC number, mobile number, your real full name, billing address where you register your phone address as, IMSI (which is the unique number associated with you on your cellular network which identifies you!), IMEI (which is the unique number associated with your device which identifies your specific device), and your SIM number (which is your specific unique SIM number), has all been breached and leaked and is being sold. So, it’s everything about you and your mobile.
Bro you’re site is down ka because “The connection has timed out”? Or too many people.
Yeah. I can’t log as well.
Keep showing time out. But my friends could earlier. Around 12ish pm today.
Hi Keith,
I checked mine and there is a mobile number that registered using my IC but does not belong to me. I called the telco per say (DIGI) and they said they can’t find any number registered under my IC and told me that even though the number starts from 016, that doesn’t mean its under DIGI as number porting is very common nowadays. I then proceed to call MCMC and the lady says if you can get the full complete number then she can help to log a case.
So now the question is
a) Does this mean i need to call all telco to check?
b) Can i get the full number ? because sayakenahack website only shows the format of 6016-*****12.
marry me. i need to learn this shit.
p.s. im a dude if you dont mind. and no im not gay. just need to tie you down.
ew I’m feeling gross just reading at ur comment
Consider also, that if you downloaded the data, (which I obviously have), it’s clear as day where the leak came from. It’s so clear, Stevie Wonder can see where the data was leaked from….. lol at least some humour to lighten this up ??
My family personal details also kena leaked out by Dxxi. They both use Dxxi provider at that time. So what can we do?
I jusy checked and found that i’n breached. How do i go about this now? Can i lodge report to mcmc ?
Site been blocked
What troubles me is that none of these big corps had the decency to apologise for this breach on their customer’s data. If this had happened in the US or UK believe me telcos would be scrambling to rectify this publicly to avoid getting their pants sued. Sadly, some of this is due to ignorance and the tidak-apa attitude of Malaysians.
how to unbridged leh
I t0ld y0u n00b … 🙂
Did the MCMC looking for you? like somebody in Agency looking for me til now still not reach yet..hahahaha
Use vpn
Your site has been blocked by the local assholes, but with a PVN it can still be accessed.
I hv just change my phone early this year and iam affected. Few friends of mine also hd their data stolen but when they entered their i/c..it came out their old numbers that not being use anymore. How is that so?
Unable to access https://sayakenahack.com/ from a standard browser, VPN or tor works. Why would they blocked it?
Thanks for using the HTTPS on SayaKenaHack.com – At least you’re concern about information being passed through. Cheers!
I have check in your website using my ic number. it should that i have not been pwnd. I am so lucky.
what action we can do to those company who leak our info?
kerajaan malaysia memang bodoh! menteri sakit jiwa!
Thank you Keith for exposing the vulnerability of our information from telcos otherwise we will be thinking the hack is through our mobile phones. Malaysia apa pun boleh..?
Hacking individual mobile phone are nearly impossible. Think about the amount of the data leaked, and think again…. how much time need to use to hack and get all those data without being detected by those system and network administrator who working day & night trying to protect their system?
so u are saying it was hacked from a central source.. i wonder who owns all the data.
I can think of one organization that would have all that information in one place. The same one that blocked the site?????
Thank you Mr.Keith . I can access Sayakenahack.com
Site’s blocked. As of 8.30pm 16 November.
Can I like… sue my telco company? This should be fun
tq very much.. now i know my wife got 5 other number not belong to him. may god bless u.
kenapa kerajaan nak block website ni?
https://www.thestar.com.my/news/nation/2017/11/16/mcmc-blocks-sayakenahackcom/
Was the source of the data obtained from within Malaysia, or from outside of it? In other words, a Malaysian hacker, or a foreign one?
Just curious.
I have checked in your website and the below found :
Oh-oh! You’ve been pwned
Your IC number is in the breach, and tied to the following Accounts.
Data is from 2014 and only the registered owner of the account is affected.
Telco: Digi Postpaid
Number: 6016*****63
Data exposed: IC Number, Mobile Number, Name, Billing Address, IMSI, IMEI, SIM Number
So, what I must do now? Please advise. TQ!
I wonder if you could hack into this website which still shows IC of winners of some contest in 2008. Couldnt get them and ask them to pull it down. Not sure if they are dumb or something.
decades of not implementing meritocracy has caused mediocrity to creep up everywhere, including safeguarding the people’s interest.
Ah well, it is the people who are not demanding enough of meritocracy the first place.
meanwhile, great brains like Keith, even though I don’t think it’s hard to set up the website once you have the data, has rightfully decided not to live in Malaysia no more. Too bad Malaysia.
The hackers will enjoy the data for now (actually, regular IT grads with some capability also can)
Where to check?