Sales, Social and Tech

300,000 personal details were leaked to the public in Singapore when a hacker group release K-Box membership details the they hack. In the release data, anybody could obtain the name, address, IC number, mobile number and even their date of birth.  First level of scary is that these details are  often the first questions any credit card or bank operator will ask when a call is made to their hotline.  There are still some security questions that the operator might ask, but those usually are yes/no questions that one can easily answer to get the right permutations. Some websites also use the data above and this could lead to other serious form of identity theft. The next level of scary is that a simple search of the names on Facebook or Google could easily result in portrait photos that could be easily put face to name.  A potential stalker can now visit the address, identify the victim around the area and do much harm, not just to the victim bu...

The announcement that 1,200 SingPass were compromised and that quarter of them had their unauthorized password reset raised the question about cyber security. However, it seems from media reports that the blame is on end users. IDA should also take the responsiblity of the safety of our SingPass details. A FireEye spokesperson suggested that the breach was probably from a malware in a user's device and that it allowed the perpetrator to access 1,200 SingPass. This raises a strong probability that the communication between device and database server may be not as strong as thought. Furthermore, it could highlight that the database server is not as strongly encrypted as a full section was  accessed via a single malware. Media reports noted that IDA was receiving complains over the weekend from SingPass users receiving unauthorized password reset letters and CrimsonLogic only raised the matter with IDA on Monday evening. This resulted in the "hastily" arranged pres...