Translate

17 November 2017

Why Block SayaKenaHack.com when all it proves is how bad the data breach has been.

BESTFBKL: Why block sayakenahack.com as it was just a platform for netizen to see if they are on the list, not all information is even shown as its blocked with xxxxx only the starting numbers and ending numbers can be seen. This just shows how bad the data breach was. Its easily one of the worst Data Breaches in the World. No use to cover up. I am not sure which department made the request to MCMC but this is not the way to deal with a national security situation. The data is already out there in the cyberworld. One just needs to see if they are on the list so they can they the necessary precautions.
 


MCMC blocks access to sayakenahack.com citing data privacy concerns

LAILI ISMAIL
New Straits Times16 November 2017



KUALA LUMPUR: Malaysian Communication and Multimedia Commission (MCMC) has blocked access to a website addressed https://sayakenahack.com, citing data privacy concerns.

In a statement today, the internet regulator said the move followed an application by the Data Privacy Protection Department. “MCMC has blocked the website after receiving an application from the Department under Section 130 of the Data Privacy Act 2010 (Act 709),” it said.

The commission, however, did not reveal more information on the matter.

The Act has outlawed any release of private information without the owner’s consent through any platform, including the internet.

Created by tech blogger Keith Rozario, the verification website allowed users to check if their personal data had been compromised in the recent vast data leak that reportedly involved 46.2 million mobile service customers.

Despite the commission’s announcement on blocking the website, New Straits Times attempt to avail its service was still successful at the time of writing.

The massive data breach was first reported by local tech portal lowyat.net, after there was an attempt to sell the information for an undisclosed amount of cryptocurrency Bitcoin.

Inspector-General of Police (IGP) Tan Sri Mohamad Fuzi Harun said initial investigation had revealed that the breach could have occurred during a data transfer, when several unscrupulous employees of a company were able to take advantage of the situation. © New Straits Times Press (M) Bhd


Creator Of SayaKenaHack Replies To MCMC Blocking Site, Tells Users They Have 3 Days Before He Shuts It Down For Good

After the Malaysian Communications and Multimedia Commission (MCMC) moved to block SayaKenaHack.com after concerns raised by the Personal Data Protection Department citing unlawful breach of Section 130 of the Personal Data Protection Act 2010, its creator has come forward to explain his side of the story.
Tech blogger Keith Rozario had been widely praised for creating the site last Sunday after news of massive data breaches led to personal details of the 46.2 million mobile subscribers in Malaysia being easily available online.
He offered a simple solution, to create a site where users can type in their MyKad number to check against the stolen data released online. However MCMC had raised concern over whether this constitutes an unlawful collection of data.
Rozario has denied claims that the site will use the MyKad numbers keyed in and explained that he does not keep logs of users.
“You might not trust me, that’s fine ... Honestly, typing your IC number into a dodgy website named SayaKenaHack isn’t the best idea in the world.
“But disclosures like this are an info security norm these days, and unfortunately if you want to see if your personal data was stolen, you have to give some of it to the person who’s checking.
“My blog has no adverts, and neither does SayaKenaHack. My reputation is worth more than the money that advertisements could ever bring in,” Rozario told The Star yesterday after MCMC announced it was blocking the site.
He also posted on Twitter that upon checking, the site is accessible in Singapore and that access was not uniformedly blocked as well as stressing that no one from MCMC had bothered to contact him either. He even states that he had created a mirror site for users eager to check if their personal data had been breached.
He has since taken to his blogpost to allay fears of the site farming users data and state his stance on the whole matter.
"I believe that if your data was leaked online, you have a right to know. You might choose to “not know”, but that is a right you can choose to exercise. No one should be allowed to withhold that information from you.
'I believe that you have a right to know about it, in a timely manner. Authorities can’t sit on the data for weeks without letting you know on any pretense," he wrote on www.keithrozario.com
He further added that if the authorities did not want a private citizen like him to be offering this service, they could have easily taken steps to allay people's fears, explaining that if he could create his site in just under a month, the authorities can do better.
"I believe that the correct authority to do tell you about leaks is the MCMC. But till today they have made no attempt to create such a service, not even communicated a plan to implement one. There is no evidence to suggest they have (or had) any intention to do anything about it.
"If I can code sayakenahack within 4 weeks (in my sparetime, while holding a 9-to-5 job, being a father and husband) there is no logical reason why the MCMC or the telcos couldn’t do something better in a shorter time-frame," he added.
He also answered accusations that he was manipulating the stolen data as he explains that what he did was just to 'mask' it.
"I mask the data, not manipulate it. No IT professional would ever make confuse manipulation with masking. Manipulation carries a negative connotation, that implies I’m changing the data in some way. Masking though is the intentional removal of data, to protect its confidentiality.
"I went out my way to ensure that enough data was left so that users could still identify their numbers, yet not enough for somebody else to guess," he described what SayaKenaHack.com was programmed to do.
Anyways, after receiving so much flak from the authorities and other IT stakeholders over what essentially was his attempt to help the public, the tech blogger has decided to shut down the site for good.
"I’ve got a script scheduled to run at Sunday midnight to tear down the database. So if you wanna check, you better do it now, cause in 3 days time, it’ll be gone," he announced, stating that it will be his last posting about the controversial SayaKenaHack.com.
You can read the rest of his personal take on how the whole issue has played out here.

- mD

Popular Posts - Last 7 days

Popular Posts - Last 30 days

Blog Archive

LIVE VISITOR TRAFFIC FEED