Cybersecurity company Surfshark has ranked Malaysia as the eighth most breached country in Q3 2023 with 494,699 leaked accounts.
“The breach rate is 144% higher in Q3 2023 than it was in Q2 2023. Around four Malaysian user accounts were leaked every minute in Q3 2023,” the company said in a statement.
It added that Malaysia is also ranked No. 5 in terms of breach density where approximately 5,436 accounts were breached per day.
Breach density is measured by dividing a country’s total breach number by its population, according to Surfshark.
“This metric allows us to gain a deeper understanding of the likelihood of experiencing a data breach in various countries,” it added.
Released in November, the study looks at global data breaches between July and September in over 200 countries and territories. The company said it is based on data collected by independent partners from 29,000 publicly available databases and aggregated email addresses.
It defined a data breach as an event where the intruder copied and leaked user data such as names, usernames, email addresses and passwords.
Globally, it found that 31.5 million accounts were breached with the US in first place with 8.1 million leaked accounts, followed by Russia (7.1 million), France (1.6 million), China (1.4 million) and Mexico (1.2 million).
“The third quarter of 2023 shows a general decrease in data breach count. Yet every minute, over 240 online accounts were compromised globally, exposing sensitive information to malicious actors,” Surfshark lead researcher Agneska Sablovskaja said in a statement.
She added: “We recommend a vigilant approach by maintaining accounts only on actively used platforms and implementing two-factor authentication for enhanced security.”
After suffering an account breach, the company also recommends that users change their passwords, contact the bank if credit card details were compromised, scan devices for malware and request for leaked accounts to be deleted if they no longer use the service.
CyberSecurity Malaysia report: Government sectors suffered most data breaches, while telcos spilled over 400GB of data in H1 2023
According to the CyberSecurity Malaysia report, the government sector experienced the greatest number of data breaches, while the telecommunications sector leaked the highest volume of data in the first half of the year.
In the Mid-Year Threat Landscape Report 2023, it said the government sector accounted for 22% of breaches, followed by telecommunications at 9%.
The education and retail sectors each accounted for 6%, while an assortment of other sectors made up the remaining 48%.
The national cybersecurity specialist agency under the Communications and Digital Ministry said that government ministries and agencies “are exposed to significant cyber risks, including vulnerable software, weak access controls, data exposure and other critical issues”.
It recommended a comprehensive assessment across all government agencies, proposing that it cover web and hosting infrastructure, data centres, internal systems and the ministry’s entire ecosystem.
“From the data, we can see that 71% of these incidents are related to Admin Panel/C Panel, customer data and sensitive data leaks,” it said.
As for the volume of data leaked, the agency said a “staggering amount of 842.84GB” was exposed, with the telecommunications sector topping the list (424.92GB), followed by government sectors (291.49GB), banking (62.46GB), IT (14.60GB), and others (49.37GB).
“Alarmingly, 36.96% of the TAs (threat actors) are engaged in selling the leaked data. Even more concerning is the fact that 63.04% of these TAs are in this fray to share the data.
“This could imply a range of subsequent scenarios – from public leaks that are meant to damage reputations to sharing among TA networks for more extensive exploitation,” CyberSecurity Malaysia said in the report.
It named LeakBase, DeltaBoys, Desorden, Actifedot and Juliay as the top five threat actors leaking the country’s sensitive data.
“Out of these sectors, we see three sectors that are the most vulnerable – government, telecommunication, logistics and transportation and banking.
“These sectors are seen as lucrative by TAs, as these sectors’ data are seen as more impactful in terms of the level of sensitivity of the data and in terms of the volume of these data,” it said.
In January alone, the agency estimated that over 40 million records were leaked in various data breach incidents, totalling 13GB in size and involving eight government agencies and nine private entities.
The number of incident reports also increased significantly, from 29 in the third week of January to 48 in the following week.
February recorded the highest number of incidents, totalling 197, with over 28 million records leaked, or 33GB in size, involving nine government and nine private entities.
In the subsequent months, the number of incident reports dwindled.
In June, it was estimated that 823,880 records were leaked with a data size of 417.59GB, involving six government agencies and 20 private entities.
The agency said that the data was aggregated from social media, online news, Cyber Threat Intelligence Platforms and dark web forums.