A TECHNOLOGY blogger said he has created a web-based utility to allow mobile phone subscribers to check if their phone number was one of the 46.2 million accounts that was compromised in a recent data leak.

Its creator, Keith Rozario said that he had uploaded data from Maxis, Digi, Celcom and UMobile for telco users to check if they had been affected by the breach.

“I’ll be adding the smaller telcos later this week… (as for the Malaysian) Medical council (and other breached data) I’m still debating whether I should put that in,” Rozario said on his site today.

The website cross-checks a user’s identification card (IC) number with the data that has been leaked online to determine whether a user’s mobile phone number is part of the leak.

It is unknown whether the IC numbers are saved and collected after the check.

“You don’t have any (assurance that I will save your IC)... I can’t convince you 100% that I’m not a scammer.

“That is just a risk you are going to have to accept when you type your IC into the portal,” Rozario said on his site.

The tranche of data from 46.2 million mobile phone accounts was stumbled upon by Lowyat.net on October 19 and is believed to affect other societies and organisations.

Lowyat.net founder Vijandren Ramadass said the leaks might have happened from many sources and that the data was free and available as a direct download link on several sites.

“But it could have been anything, it could be a vulnerability in the servers or human error. Or even social-engineering attacks. Someone inside could have pulled the data directly from the server,” he told The Malaysian Insight. – November 14, 2017.