Malaysiakini logo
This article is 5 years old

Blame uni’s lax security for data leak, says UM 'hacker'

‘MrX’, which claimed to be the hacker who yesterday dumped vast amounts of personal data belonging to University of Malaya (UM) staff, said the varsity is to blame for the data breach due to its lax online security.

“Guess who? Security is low.

“Don’t blame me. Blame UM itself for not prioritising security.

“Nothing is secure. UM (online) security is trash,” the alleged hacker or hacking team said on Facebook early this morning.

MrX further threatened more leaks on an online text content hosting site.

“We are (sic) love all UM student(s),” it added.

The posting also included the line “Biar Mati Dari Hidup Melutut (Better to die than to live on your knees)”, which was a line posted as part of a message about UM’s online e-pay link when it was first hacked on Thursday.

It was reported that a large amount of personal data of UM staff, login IDs and passwords had been leaked yesterday to an anonymous file-sharing site online.

This came several hours after UM claimed no data and information were affected by the hacking of its online e-pay link.

Technology site lowyat.net reported that the leaked information included personal data of both academic and non-academic staff such as payslip details, bank account details and employee tax numbers.

Also released were nearly 24,000 login IDs and hashed passwords, believed to be from UM’s e-pay link, which was reportedly hacked on Thursday.

In a later post, MrX, who earlier included links to the anonymous file-sharing sites on Twitter, said its account had been suspended by the social media platform, citing a violation of rules regarding publishing other people’s private information.

Call for UM to explain online security breach

Meanwhile, activist Wong Yan Ke, who is under police investigation for holding an on-stage protest during his convocation ceremony at UM, denied any link to the hacking and data leaks.

Even so, he said the incident highlighted weaknesses in the varsity’s online systems.

“I do not know who is doing all this (but) I need to clarify that I am not involved in any kind of hacking.

“(However) This shows that people are against what the university had done.

“What we need to highlight here is not whether they are supporting me or not, but we need to highlight that there is a breach of security, which means the security of our (UM) website is prone to risks,” Wong said to reporters today.

“So I think this question is better answered by the university, not by me.”

Wong was speaking during a press conference at the university today after collecting his graduation certificate, which he claimed had been withheld by the institute. UM denies the allegation.

His lawyer Asheeq Ali then called on the university to explain how the hacking took place.

The latter said: “I think UM has to explain how their website can be hacked, how their staff data can be leaked.

“They are supposed to respond because it is their system.”

Malaysiakini has contacted UM for a response.