InfoSecBulletin Cybersecurity for mankind
According to a report by Surfshark, Malaysia was the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate in Q3 2023 was 144% higher than in Q2 2023, and around four Malaysian user accounts were leaked every minute.
TM suffers data breach again:
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
Customer data from Telekom Malaysia (TM) has been leaked on the dark web forum. A user revealed that they have stolen the entire customer database of the telco company.
The user says that there are almost 200 million entries in the data, out of which around 20 million are effective user data. The user also shared screenshots of the company’s customer database architecture documentation. The screenshots consist of 161 pages containing information about the structure, design, and functionality of the company’s customer database system.
TM has had data breaches before. In 2023, there was a breach affecting Unifi customers’ personal information. In 2022, 250,248 Unifi Mobile customers were affected by a breach involving customer names, phone numbers, and emails.
It was reported by The Star that TM released a statement stating that it had recently received a ransom note, leading to an immediate and thorough investigation to verify these claims.
It claims that its investigation has shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency,” it said.
It said it has informed the authorities, filed a police report, and is strengthening its cyber defenses to protect against similar threats.
Data breaches impact all data:
Old data can still be targeted by cybercriminals. They can hack encrypted data to decrypt it later. This shows the importance of data security for businesses.
For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future.
Here are several ways cybercriminals can still use old data:
Identity theft: Old data may have personal information that can be used to steal someone’s identity or access their accounts. A cybercriminal could use an old email and password to log in to a social media account and post harmful content or scam messages.
Fraud: Old data can be used by cybercriminals to make unauthorized transactions or purchases, such as buying goods or services online using an expired credit card number.
Blackmail: Old data may contain sensitive or embarrassing information, which can be exploited by cybercriminals to blackmail the victim for monetary gain or favors. For instance, an outdated photo or video can be used to threaten the victim by exposing it to the public or their contacts.
Phishing: Old data may include contact information that could be used to send fake or harmful emails or messages to the victim or people they know. For instance, a cybercriminal could use an old phone number to send a text pretending to be from a bank or government agency and ask for personal or financial information.
