UPDATE: Selangkah said it is conducting an internal probe following the data breach allegations.

"We are aware of recent allegations regarding a potential data breach and a thorough internal probe is currently underway. An official statement will be released in due time once our investigation has concluded.

"To enhance security, we strongly advise all Selangkah App users to update to the latest version, ensuring that users will have the latest security patches,” a Selangkah spokesperson said in a statement to LifestyleTech.

PETALING JAYA: A seller is offering data allegedly belonging to over five million users from the Selangkah app for sale on a data leak forum.

In a post on Feb 26, the seller claimed that the data is “related to Covid-19 vaccination” and consists of 10,027 files, with the price listed at US$1,000 (RM4,761). The seller also listed the source of the data as “Selangkah.my”.

Based on a sample provided by the seller, the data allegedly includes information such as full name, MyKad number, MySejahtera user ID, age, gender, email, contact number and medical information.

The alleged data sample also includes details revealing the name of the doctor administering the vaccination, along with a medical officer ID and vaccination location as well as serial number.

Based on LifestyleTech checks, the data sample shows the same names and details appearing multiple times, indicating that the total number of users affected may be less than the five million claimed by the seller.

When contacted, a spokesperson for the National Cyber Security Agency (Nacsa) said they are investigating if the claim of the five million data is genuine.

LifestyleTech has also reached out to Selangkah.

Selangkah was first released in 2021 as a contact-tracing app during the Covid-19 pandemic. Since then, Selangkah has evolved into an app for users to access various initiatives under the Selangor state government.