PETALING JAYA: Maxis released a statement saying that it did not find any issues with its systems after the notorious hacker group R00tk1t claimed to have breached its infrastructure and threatened to expose a “treasure trove of customer data”.
However, it discovered a suspected incident of unauthorised access to a system belonging to one of its third-party vendors.
“Earlier today, Maxis received a report alleging a cybersecurity breach. We immediately launched an investigation to determine the validity.
“While we did not identify anything related to our own systems, we identified a suspected incident involving unauthorised access to one of our third-party vendor systems that resides outside of Maxis' internal network environment,” it said.
While it didn’t name the company, it said it would be working with it to investigate further and had also informed the relevant authorities.
“Our customers’ privacy and security are of the utmost importance to us, and our ongoing priority is a thorough assessment and containment.” it said in the statement.
“We will continue to provide necessary updates on developments,” it said, adding that additional defence measures are also being put in place to reduce any further risk.
In its Telegram group, R00tk1t posted three screenshots of what appears to be a database of users.
The screenshots do not include personal identifiable information (PII), but show other details like the type of user affected (home or SME), the model of a user's router or modem, and what appears to be a serial number for each line.
It remains to be seen if the hacker group has additional data that was excluded from the sample screenshots.
Judging from the screenshots, the data, if accurate, appears to belong to broadband users rather than mobile subscribers.
R00tk1t previously warned that it would be targeting the Malaysian Internet infrastructure on Jan 26.
On Jan 30, the group claimed to have breached Aminia, a local palm oil and network solutions company.
Aminia is also a provider of cloud services, Internet of Things (IoT) technologies, and networking equipment such as routers.
The post includes a screenshot of what appears to be a back-end dashboard belonging to the company.
Yesterday (Feb 4), it also claimed to have defaced and breached a local tutoring course website, YouTutor, and stolen a database containing 1,886 lines of user data. It included a zip file with an Excel sheet of the database.
The allegedly leaked database included PII such as full names, addresses, email addresses, phone numbers, MyKad numbers, and user IDs belonging to the company's staff, teachers, and students.