A hacker has reportedly breached over a dozen Malaysian government websites and is now offering the stolen data for sale. This could be the latest in a string of data breaches affecting the country.
According to MalaysiaNow, the claim was posted on BreachForums, a well-known dark web forum where stolen data is often traded. The listing includes at least 11 government websites, with the hacker asking for USD20,000 (~RM84,750) in exchange for the data.
According to the post, the stolen information includes local VPN account connections, shell access, network and web databases, subdomains, and local file-sharing details.
Shell access allows remote control over servers, while network databases contain configuration details and file-sharing information. The hacker claims to have “live access to all of them + dumped data” and is accepting payments in Monero, a privacy-focused cryptocurrency.
The affected websites reportedly belong to several key ministries and agencies, including the National Registration Department, MyGovernment, and Radio Television Malaysia. Other targets listed are the Healthy Ministry, Defence, Foreign Affairs, and Higher Education. The hacker also mentioned “so many other gov.mys” were compromised, backing up the claim with multiple screenshots.
For now, there’s no way to verify if the stolen data is genuine. We’ll have to wait for an official statement from the government to confirm the extent of the breach.