[ UPDATE 5/4/2023 09:20 ] The Immigration Department has confirmed that its website was defaced yesterday. However, it emphasised there was no data breach from the incident.
===
It appears that websites belonging to the National Heart Institute (IJN) and Malaysia’s Immigration Department were hacked this morning as some pages were defaced for a short period. At the time of writing, both websites have been restored but remnants of the incident are still visible on cached Google Search Results.
LAMAN WEB JABATAN IMIGRESEN MALAYSIA SEDANG DISELENGGARA
— Imigresen Malaysia (@imigresenmy) April 4, 2023
Dimaklumkan bahawa, laman web Jabatan Imigresen Malaysia (JIM) iaitu https://t.co/wjlb72vzMw sedang diselenggara buat sementara waktu.
➡️ https://t.co/4W2bb4XoGI pic.twitter.com/ToibB6P45y
At 9:43am this morning, the Immigration Department updated that its website is currently undergoing maintenance. However, search results revealed that the website was defaced with the message “Hacked by CaptainSmok3r”.
Laman rasmi Institut Jantung Negara turut digodam pic.twitter.com/Pu4PbYZboD
— Xavier Naxa (@XavierNaxa) April 4, 2023
Meanwhile, IJN’s website appears to have suffered a breach with random descriptions in a foreign language for its search results. From Google’s cache (as captured at 12:10pm local time), it appears that the contact page was replaced with what appears to be a product catalogue for women’s wear.
Other users have also reported seeing product listings of different fashion categories on IJN’s website.
Website ijn pun sekali kena godam dengan fashion brand mana tah pic.twitter.com/cLH3rvVrZa
— nazrin 🔱 (@NazrinAmri) April 4, 2023
Similar to the Immigration Department, the website appears to be restored as the contact page is now showing correctly. Both Immigration Department and IJN have yet to issue an official statement on the incidents.
Related reading
- PM Ismail Sabri’s Telegram account got hacked
- Lawyers want PDPA to be amended to hold govt agencies accountable for data breach
- Auditor-General: Personal data of 3 mil MySejahtera users downloaded via suspicious “super admin” account in 2021
- Are you using LastPass Password Manager? You should change your passwords now
