Astro IPTV Data Leaked – Customers Data Available Online For Sale

It would feel fairly perturbing to find your data available online for sale, wouldn’t it? Astro IPTV faced a similar situation when it found that its customers’ data was available online for sale recently.

All-Asian Satellite Television and Radio Operator, or Astro, is a Malaysian DBS Pay TV service, providing digital satellite TV and radio to their customers. Astro IPTV is a subsidiary of Astro which provides services such as HDTV, video-on-demand and high-speed internet. As reported by Lowyat.net, the data of around 60,000 customers of Astro IPTV was discovered for sale by some unknown seller. It clearly hints another major data leak.

Astro IPTV Customers’ Data Available Openly For Sale

Early Wednesday, Lowyat.net revealed the availability of a large chunk of customers’ data available for sale. The data allegedly belonged to Astro IPTV, which included customer names, installation addresses, contact numbers, Portal ID and equipment details, and MyKAD numbers, along with the details for their subscribed packages.

The sellers have put the data online for sale for RM 4,500 for 10,000 records, approximately 1,132 USD. This makes approximately RM 0.45 or 11 cents USD per single customer. The total data offered by the sellers was nearing 60,000 customers.

The reporters stated that they have promptly informed Astro about this problem. After the news surfaced online Astro officials confirm that they have lodged police reports for this incident. They further confirm that the data contained the details of IPTV customers only. The other systems remain safe.

“Firstly, this relates to IPTV customers provisioned by Maxis only,” says a spokesperson from Astro. “The management of IPTV customers is a joint responsibility between Astro and its telco partner, Maxis Broadband Sdn Bhd (Maxis). No other ASTRO customers are affected.”

The authorities from Astro further confirm that no financial details were leaked. They also say that their security measures are all intact. Once the investigations reveal more information, Astro will update its customers.

“We confirm no customer financial data was disclosed. We’re also working with Maxis to carry out additional forensic investigations.”

This Isn’t Their First Incidence Of A Data Leak

According to Lowyat.net, this is the second time they have stumbled upon this data. The first time, it was in January 2018, when they found data of around 50,000 customers’ details being put online for sale for RM 3,000 (approximately 755 USD) per 10,000 records. That time too, Lowyat.net promptly notified Astro, after which they removed all traces of reported links.  However, they neither made any statement about it nor informed their customers.

Now, this is the second time that the same data chunk was found online for sale. The only change between the two instances is that, earlier, the sellers directly upload a random data of 5,000 as a sample. While this time, they edited the sample details since their action was ‘reported previously’.

Astro officials now confirm that they have taken necessary steps to contain the leak.

“Astro was made aware of this incident on 26 Jan 2018,” says Astro spokesperson. “On the same date, we sought assistance from MCMC.”

“Subsequently, Astro lodged a police report on 8 Feb 2018.”

Furthermore, they reiterate that maintaining the privacy of their customers is of ‘utmost importance’ to them.

Let us know your thoughts in the comments below.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients