TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Ministry denies role in reported leak of 1.3b phone registrations
The Communications and Information Ministry has denied that data on more than a billion registered Indonesian SIM cards, which have reportedly been compromised, was leaked from the ministry
Change Size
T
he Communications and Information Ministry has denied that data on more than a billion registered Indonesian SIM cards that have reportedly been compromised was leaked from the ministry.
On Wednesday, a user named Bjorka from the online-hacking-forum Breach Forums posted a discussion thread claiming to have gotten hold of data entries for some 1.3 billion registered SIM cards in Indonesia, which allegedly includes national identity card numbers (NIK), associated phone numbers and telecommunication-provider markers and registration dates.
The ministry said it had conducted an internal search on the matter and claimed that it did not have any applications that store registration data of prepaid and postpaid SIM cards.
“Based on our observation of the data sample provided by the Bjorka account, it can be inferred that the data did not originate from [the ministry],” it said in a press statement responding to the incident on Thursday.
The ministry said it was investigating the source of the alleged leak and all related matters.
In the online hacking forum, the user claimed to have obtained 87 gigabytes worth of uncompressed user data to offer up for sale.
In the post, Bjorka noted that the Communications and Information Ministry introduced a regulation in 2017 that requires all prepaid cellular phone SIM card numbers to be registered using valid identity cards (KTP) and family registry cards (KK).
The user attached the official ministry logo to the post to suggest it was a leak from the ministry, which then caught the attention of Indonesia’s netizens.
The account also posted 2 million data entries for free as a sample and offered to sell the complete dataset for US$50,000 with payment in either the Bitcoin or Ethereum cryptocurrencies.
It is the latest incident in a worrying trend of online-data breaches, at a time when Indonesian policymakers are dragging their feet and being tight lipped about the passage of a much-awaited personal data-protection bill.
As news of the alleged leak spread, cybersecurity-consultant Teguh Aprianto tweeted on Thursday about how the ministry had promised to get rid of spam if people registered their phone numbers with identification markers.
“We are not freed from spam, as now as many as 1.3 billion phone-number registration-data points that include [one’s] NIK, phone number, telecommunication provider and registration date have been breached and put up for sale. #BlokirKominfo,” Teguh wrote on his Twitter account @secgron, while using a hashtag that has been used to criticize the ministry’s tendency to block services seemingly arbitrarily.
He also tweeted that people could check whether their phone numbers were among the 2 million samples of the alleged data breach at periksadata.com/simcardkominfo, but there was still a possibility of their phone numbers being among the total 1.3 billion registered phone numbers that had been compromised.
