THE tech blogger who created sayakenahack.com to help victims whose personal data were leaked in a massive breach will take down the database midnight on Sunday.

Those who wish to check if they are affected by the breach have three days to do it, Keith Rozario wrote on his personal blog.

“You have the right to know,” he said.

The website has been blocked by the Malaysian Communications and Multimedia Commission (MCMC) on grounds that it violated the Personal Data Protection Act which says it is an offence to disclose private information without the consent of users through any platform.

It can still be accessed, however, by changing one’s DNS server settings.

Rozario in his blog post said MCMC had done nothing to assuage public concerns about the breach nor had it even advised the public about what to do.

“Authorities can’t sit on the data for weeks without letting you know on any pretense. The correct authority to do tell you about leaks is the MCMC. But till today they have made no attempt to create such a service, not even communicated a plan to implement one. 

“There is no evidence to suggest they have (or had) any intention to do anything about it,” he said.

Rozario hit out at the internet regulator and online forum Lowyat.net, where the breach was first revealed, for disrespecting public interest and the right to know about the data breach.

“If I can code sayakenahack within four weeks (in my spare time, while holding a nine-to-five job, being a father and husband) there is no logical reason why the MCMC or the telcos couldn’t do something better in a shorter time-frame,” he said.

He said Lowyat.net, in acceding to MCMC’s request to take down the article that broke the news about the breach, displayed “elitism” that  implied ordinary Malaysians without the technical skills to find data online were not entitled to know that they had been victimised.

“This data is freely available for anyone to download. The only people with the skills to find it, though, are people we generally refer to as ‘geeks’ or ‘hackers’.

“To ban sayakenahack is to say geeks and hackers can access the data — but not the average joe. It’s emphasising that normal people don’t deserve that knowledge while geeks and hackers do.

“This is elitism, and it’s wrong,” he said. 

Rozario pointed out that Lowyat.net knew the importance of informing the public about the breached data, and its explanation that sayakenahack.com was blocked to “because it’s not right to manipulate the stolen data” was wrong.

He said he had “masked” the breached data on sayakenahack.com and not manipulated it.

“Masking is the intentional removal of data, to protect its confidentiality. I went out my way to ensure that enough data was left so that users could still identify their numbers, yet not enough for somebody else to guess.”

He said sayakenahack.com was a secure site to prevent theft of the breached data and its benefits to the public “outweigh the risk of getting it hacked”.

Rozario said he still believed he was doing the right thing in the public’s interest, even if it was not “legally permissible”.

He also said he would not respond to requests from journalists who can contacted him, adding that he was cancelling all interviews and would stop posting on the data breach for a while. – November 17, 2017.