Story image

JobStreet confirms hit by Malaysia data leak - almost 3.9m accounts affected

03 Nov 2017

JobStreet is informing clients by email whether they were caught up in a Malaysia-based data breach that affected 19 different companies.

 “We are writing to notify you that we recently identified a post claiming that personal information from the databases of 19 corporations and associations had been made public, including ours,” the email says.

According to website haveibeenpwned.com, 3,883,455 JobStreet accounts were affected by the breach. It says the information was freely downloadable on a Tor hidden service.

The breach also affected more than 46 million Malaysian users and several telecommunications companies.

Telecommunications providers caught by the breach include Altel, Celcom, DiGi, EnablingAsia, Friendi, Maxis, Merchantrade Asia, PLDT, Redtone, Tunetalk, Umobile and XoX, reports suggest.

It also affected organisations such as the Academy of Medicine Malaysia, the Malaysian Dental Association, the Malaysian Medical Association, and the National Specialist Register of Malaysia. Reports speculate that more than 81,000 records were stolen from these organisations.

“Our investigations established that some personal candidate information pertaining to accounts created before July 2012 has been exposed. To help protect our customers, the team is continuously enhancing our security measures for all user information stored with JobStreet.com,” JobStreet CEO Suresh Thiru says in an email.

According to media reports, that personal information includes identity card numbers, addresses, login IDs, passwords, names, emails and phone numbers.

Haveibeenpwned.com also notes that on JobStreet, dates of birth, genders, geographic locations, marital statuses, nationalities and usernames were also compromised.

The Malaysian Communications and Multimedia Commission (MCMC) may have discovered the possible source of the data leaks, according to Malaysian Communications Minister Salleh Said Keruak.

"We have identified several potential sources of the leak and we should be able to complete the probe soon," he announced.

According to JobStreet’s website, more than 15 million candidates have found jobs through the platform. The company was founded in Malaysia in 1997 and has a team of 800 employees. It hosts more than 15,000 jobs per day.

It also operates websites across Malaysia, Singapore, the Philippines, India, Indonesia and Vietnam.

In 2014, the company joined the Australian firm SEEK, which manages job listing websites in Australia and New Zealand.

“Your privacy and success in finding the right talent is incredibly important to us. If you have any queries, please do not hesitate to contact our Customer Care at +60-3-2176 0333 or email corpcare-my@jobstreet.com,” the email concludes.

Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.