Computer server found storing personal info
24th August 2004 (The Star)
By RASLAN SHARIF

PETALING JAYA: A computer server has been found storing confidential account login details of Internet users in several countries, including Malaysia.

The usernames and passwords for online banking, Internet access, and online entertainment service accounts belonging to Internet users in Malaysia were found on the server, according to the Malaysian Computer Emergency Response Team (MyCERT).

MyCERT was alerted of the finding last week by its Australian counterpart AusCERT, which also reported that the server held similar information belonging to users in Australia and other countries besides Malaysia (see In.Tech today).

"We immediately alerted the respective parties, and they closed down the affected accounts within minutes of being informed," MyCERT manager Solahuddin Shamsuddin said.

However, no police report was lodged "as we did not have the relevant information on the server, such as its IP (Internet Protocol) address, location or its administrator," he said.

While only three accounts were compromised, Solahuddin said the breach was still a concern.

"We believe it is serious," he said. "Users should be very concerned as the impact could be severe."

It was also unclear whether one or more users in Malaysia were affected, or if the service providers concerned had informed them.

MyCERT manager Azhari Yunus said Internet users could no longer rely solely on anti-virus software to protect their computers.

"You need to have a personal firewall and an anti -spyware programme installed as well," he added.