THE government has been slammed for suggesting that internet users change their passwords following a revelation that 42 million mobile phone accounts in Malaysia were compromised after a data breach.

In Parliament yesterday, Deputy Minister of Communications and Multimedia Jailani Johari told Malaysians to regularly change their passwords and to never reveal personal information on the internet for data protection.

“Datuk Seri Jailani’s comment is dangerously simplistic and avoids the government’s role in ensuring our cyber security,” Petaling Jaya Utara MP Tony Pua said in a statement today.

“More than a month after the private and confidential data of millions were hacked and stolen, all the Deputy Minister of Communication and Multimedia can tell us is, change your passwords regularly?”

Jailani was yesterday responding to a question on what the government was doing to address leakage of confidential data.”

“As users, they should ensure, as best as they can, not to share any personal information on social media.”

“As best as possible, we should change our passwords every three months. And if possible, use an alphanumeric password. And we should not click on strange links because it could have bad consequences,” he had said.

Pua said Jailani’s advice offered “nothing to protect Malaysians from having their personal data being sold”.

“For example, the recent sale of the breached personal data of millions shows just how vulnerable Malaysians are to having our information stolen – and it has absolutely nothing to do with the need for users to change passwords regularly.”

Pua said the ministry’s response did not only show how misplaced its priorities were, it also showed the government was utterly clueless about how to address the problem.

“Rather than assure people of an investigation, the MCMC’s (Malaysian Communication and Multimedia Commission) first move was to take down the initial news report of the sale.”

Last week, the government blocked the website sayakenahack.com, which allows users to key in their identification numbers to check if their data had been compromised.

“The question that keeps re-emerging is, who is the government really protecting with these measures? It appears that they are more inclined to protect the reputation of the huge corporations which are entrusted with our confidential data by covering up the scandal, instead of taking the bull by the horns to protect everyday Malaysians,” Pua said.

In a survey by global cybersecurity firm Kaspersky Labs, Malaysian servers are found to be the most compromised in Southeast Asia. – November 21, 2017.