TM confirms data breach involving 250,000 Unifi Mobile customers

Malay Mail
Malay Mail

KUALA LUMPUR, Dec 30 ― While earlier today saw reports of a database with the details of 13 million Malaysians being sold online, there was actually another listing on the same online forum for a database that claimed to have 2.7 million entries garnered from the Unifi website, along with admin access to the Unifi website backend.

This is understandably a pretty serious matter, and Telekom Malaysia has since released a statement confirming that they’ve been the victim of a data breach. According to TM, they found that 250,248 Unifi Mobile customers are affected in the data breach that happened, which includes both individual customers as well as small and medium businesses. They add that the type of data leaked involves customer names, phone numbers and emails, and that no other information was breached.

Going back to the database being sold online, it seemed to contain payment details for Unifi Bebas Prepaid plan, which includes customer names, their email address, phone number and the amount they paid to top up their plan. It also seems that the data breach happened relatively recently, as some of the payment details shown off in the listing included payments done as recently as 24 December 2022. A user had asked the seller if the database includes any passwords, and the seller responded no, seemingly corroborating with TM’s statement.

TM adds that the breach has since been contained and that they’ve taken steps to minimise the potential impact to these 250,248 customers. In particular, they have notified the customers affected, and also reported the incident to the authorities. If you’re a Unifi Mobile customer but did not receive a message from TM, then you were not impacted. They also point out that customers won’t be experiencing any service disruptions while they add on further security measures. ― SoyaCincau