Recently, it was revealed on social media site X/Twitter that the identity card images of 17 million Malaysians have been leaked and are being sold on the dark web.
The X account @StealthMole said that the MyKad data of 17 million Malaysians has been leaked and is being sold on the dark web through the sample MyKad images shown. This is seen as serious because it shows the names, identity card numbers and home addresses of Malaysians which can be used for various nefarious purposes.
It is suspected that whoever this group of hackers is, they have successfully hacked the database of the eKYC (Electronic Know Your Customer) system which is used to verify the identity of users using identity card images for a fast user verification process.
Normally, the photos sent for eKYC verification are not supposed to be stored by online platforms, but since the data of 17 million people exposed was through MyKad photos taken, for now this is the most suitable explanation for how this data was leaked.
In Malaysia, there are a number of online platforms that use the eKYC verification system to verify the identity of users, but so far no company has come out to make an announcement on this matter.
In the latest development, the National Cyber Security Agency (NACSA) said that they have started an investigation into this incident. They reminded the public to monitor suspicious banking and credit card activities.