• 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • Tune Talk
    • U Mobile
    • Unifi
    • Yes
  • Cars
  • Contribute
  • Jobs
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • Tune Talk
    • U Mobile
    • Unifi
    • Yes
  • Cars
  • Contribute
  • Jobs
Search
  • Tech
    • News
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Buyer’s Guide
  • Opinions
  • Digital Life
  • Video
  • Deals
  • How-To
  • Cars
  • Bahasa Melayu
  • EV
  • Contribute
  • Advertise
Menu
  • Tech
    • News
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Buyer’s Guide
  • Opinions
  • Digital Life
  • Video
  • Deals
  • How-To
  • Cars
  • Bahasa Melayu
  • EV
  • Contribute
  • Advertise
Search
Close
Home Digital Life

Potential personal data exposure on LHDN’s payment portal

  • BY Alexander Wong
  • 13 December 2023
  • 3:13 pm
  • Comment
Share on FacebookShare on Twitter

It appears that one of the Inland Revenue Board’s (LHDN) payment portals has a potential data exposure concern. One of our readers has tipped us about a vulnerability which allows unauthorised individuals to view personal details including full name, IC number, address, email and phone number.

The payment portal in question has a receipt API which generates slips in PDF format. However, the slips are accessible publicly by going through the running numbers and they can be viewed without logging in. As shown above, the PDF slips contain personal information which could be misused for nefarious purposes if they fall into the wrong hands. It could also be a potential source for data harvesting.

All government agencies and departments must take proactive steps to safeguard personal information. By right, these slips should only be accessible to the intended user. Our tipster suggested that a possible solution is to use UUID (Universal Unique Identifier) as the slip ID so that it is more random and harder to tamper with compared to the current running number implementation.

We’ve notified and contacted LHDN’s Communications and Security Division on the matter.

Tags: Cybersecuritydata breachData exposureData Protectioninland revenue boardIRBLHDNsecurity
Alexander Wong

Alexander Wong

POPULAR

Potential personal data exposure on LHDN’s payment portal

December 13, 2023

Astro X3 lets you stream instantly with no box or installation, from RM39.99/month

July 7, 2026

The Single-Stock Trap: Why True Tech Investing Means Moving Beyond a Few Famous Tickers

June 25, 2026
Screenshot

Why some ATMs are still charging RM1 for cash withdrawals despite the fee waiver

July 3, 2026
Perodua QV-E EV

Perodua QV-E already received 1,700 bookings? Really?

July 7, 2026

RM32 Per Line with 1TB Shared Data? Inside U Mobile’s New ULTRA Family Suite

May 7, 2026

Copyright © 2025 · SoyaCincau.com
Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER

Copyright © 2026 · SoyaCincau.com – Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER