Data breaches are getting very rampant these days and it is no surprise that there’s also an increase in elaborate phishing scams that fool victims into providing their online banking credentials. This week, it appears that a database allegedly containing 45 million customers of Malindo Air (now known as Batik Air) has been leaked online through a platform that’s associated with selling personal data.
Malindo Air (a Malaysian airline) database dump published in clear net. The database contains email addresses, dates of birth, physical addresses, passport numbers and phone numbers; claimed to be breached in 2019 pic.twitter.com/MVKlYtDREN
— Adnan (xanda) Mohd Shukor (@xanda) September 5, 2022
As spotted by @xanda, an online individual claims to have records of Malindo Air passengers which were obtained from a data breach back in March 2019. It claims to have a total of 45 million customers and the list is split into two passenger files.
It appears that the thread starter isn’t the only person with such data as another forum member claims to have similar files which contains the unique passenger ID, reservation number, name, address, city, passport number, passport expirty date, contact number, email and emergency contacts. From the sample data, it doesn’t seem to be a clean list as there’s a lot of dummy data and what appear to be duplicated records.
We reported the Malindo Air data breach incident back in September 2019. It was alleged that the data was obtained from a cloud storage service and was leaked by an individual or organisation called Spectre. Malindo Air acknowledged the issue and they revealed that two former employees of its eCommerce partner GoQuo (M) Sdn Bhd in their development centre in India were involved. Police reports were made in both Malaysia and India. Malindo Air said the incident is not related to the security of its data architecture and none of the payment details of customers was compromised. However, they have initiated an auto-reset of all customer passwords and warned customers to be wary of any suspicious calls or emails.
Interestingly, some of the shared sample data in the forum contain passenger records with guquo.com.my email addresses.
Malindo Air has recently completed its rebranding to Batik Air to establish a common identity for full-service airlines within the Lion group. Batik Air is the first Malaysian-based airline to operate the Boeing’s new 737 Max aircraft. In case you didn’t know, it was the first airline in the world to receive the 737 Max 8 in 2017 which offers better economics and performance than its current 737 next-generation fleet.
Related reading
- 3,699 personal data breaches reported in Malaysia since 2017
- iPay88 data breach: BNM instructs banks to notify affected cardholders of extra protective measures
- Malindo Air passengers’ info exposed after airline hit by critical data breach
- Why did Malindo Air rebrand itself to Batik Air?
[ SOURCE ]
