KUALA LUMPUR (Nov 13): Regional cyber security services provider Quann Malaysia (formerly known as e-Cop Malaysia), has warned that buyers can anonymously purchase 46.2 million Malaysian mobile users data for merely RM32,000 (estimated at current price).

In a statement today, Quann Malaysia said its warning follows the recent revelation that 46.2 million Malaysian mobile users data was on sale for merely 1 Bitcoin (RM32,000).

Last week, samples of list containing Malaysian mobile users data from telecommunication companies from 2014, went on sale.

The leak includes postpaid and prepaid numbers, customer details, addresses, as well as sim card information — including unique IMEI and IMSI numbers.

Quann Malaysia said such information may be used by hackers to carry out social engineering attacks to trick users into divulging financial information and passwords, or phone cloning where the identity of the user is copied into another phone.

Quann Malaysia general manager Ivan Wen said it is almost impossible to stop any sale of leaked data, unless the affected companies pay a ransom to the hacker or data thief.

“However, paying a ransom does not guarantee that the data will not be leaked. As such, we do not encourage companies to do so.

“This extremely attractive pricing for so much data will lead to a rise in the number of buyers who are confident they cannot be tracked,” Wen said.

He said it was not clear at this stage if a ransom has been demanded from the telecommunications providers.

“However, it is believed that the entire list is now on sale for merely 1 Bitcoin or RM32,000. The sale in Bitcoin means that any company or person can anonymously purchase the whole list (of Malaysian users’ data) from this anonymous hacker,” Wen added.

Currently, while actual Bitcoin transactions are transparent online, the identities of both the seller and buyer remain anonymous and cannot be tracked, he said.

“Few countries have yet to put in place proper KYC (Know-Your Customer) regulations, with regards to Bitcoin purchases.

“It is high time that we take a different approach to dealing with the spiraling number of worldwide ransomware demands,” Wen added.

Wen hopes regulators and policy makers will take action to put in more defined processes and regulations, for example in the upcoming Cyber Security law, to track the purchase and dealings in Bitcoin among Malaysians, so that fraudulent (data) purchases can be tracked.

“Individuals or companies found purchasing these leaked data, should be penalised. Only when the buying stops, will the hacking stop, as there are no more buyers to fund these hackers,” he said.

Meanwhile, he added that as one of the leading financial institutions in the world, Bank Negara can lead by example and stop the fraudulent purchase of Malaysian data.

“The Malaysian Communications and Multimedia Commission (MCMC) is most well-equipped to aid Bank Negara in drafting air tight regulations to stop fraudulent buying,” Wen quipped.