KUALA LUMPUR, Oct 17 — Private banking details of Malaysians registered to receive fuel subsidies were reportedly disclosed on a government website up until this morning.
Popular tech blog Lowyat.net said it had conducted several tests using five different Mykad numbers on the BSH microsite yesterday and found that the complete personal bank account number came up instead of just the last four digits with the rest masked, as is supposed to be the case.
The original article under “Program Subsidi Petrol Microsite Found Disclosing Recipient’s Bank Account Details” has since been removed, including screenshots of the bank account details as shown on the petrol subsidy programme website provided by Lowyat.
Instead, the blog now posts this message: “We have received an update from the ministry regarding this issue. This content will be republished after the vulnerability has been fixed” in place of the earlier article.”
Malay Mail’s check on the subsidy website showed that the slip-up appears to have been fixed.
When contacted, a spokesman for the Domestic Trade and Consumer Affairs Ministry said it took note of the article and its allegations and will issue a statement later.
Lowyat previously said close to 2.9 million Malaysians are estimated to receive the petrol subsidy, noting that they are eligible as long as they have a vehicle registered in their name.