The breach follows 1 Malaysia Pengguna Bijak’s (1MPB) immediate outage after its launch on Tuesday, which government officials blamed on teething problems.
Online community portal Lowyat.net reported this morning that there were “several vulnerabilities” in the RM1.4 million 1pengguna.com site that allowed hackers to pull “signup details, usernames, email addresses and hashed passwords (encrypted).”
Personally identifying information such as names, addresses, birthdays and any banks or companies one does business with can be used for identity theft or for so-called phishing, where personal details are used to make the attempt look legitimate.
“These passwords are not difficult to decrypt. You can also use these vulnerabilities to defame the entire site,” Lowyat.net founder and chief executive Vijandren Ramadass told The Malaysian Insider.
Vijandren also said that Lowyat had discovered “a severe lack of security on the site” when it was launched and contacted the website administrator but received no response.
He said that a hacker group called Rilekscrew group also pointed out that “these vulnerabilities allowed almost all the data contained on the server to be remotely accessed.”
“Obviously, this is not an RM1.4 million job. Security and user privacy is a very important issue, especially on a site backed by the government,” he added.
The Malaysian Insider has also obtained a list of over 1,000 user details, including those of two site administrators.
The government admitted yesterday that the 1MPB portal was not ready for the 3.5 million hits it has received since being launched two days ago.
Domestic Trade, Co-operative and Consumerism Minister Datuk Seri Ismail Sabri Yaakob said that the 1pengguna.com website had “teething problems” after expecting only 300,000 to 400,000 hits.
The government had launched the portal on Tuesday, saying it would list the prices of 355 products sold at 110 hypermarkets, 100 products at 404 supermarkets, 50 products at 360 wet markets and 100 products at 24-hour convenience stores.
But it was down for most of Wednesday as attempts to obtain prices from the website located at 1pengguna.com resulted in repeated connection failures.