Over 1,500 SingPass accounts potentially accessed without authorisation

[samstom]

The Infocomm Development Authority of Singapore has filed a police report after it was notified that 1,560 SingPass user IDs and passwords may have been accessed without permission.

SINGAPORE: Over 1,500 SingPass users may have had their IDs and passwords accessed without their permission. The Infocomm Development Authority of Singapore (IDA) was notified on Monday (June 2) by the SingPass operator that a number of users had received a SingPass password reset notification letter, even though they did not request for a password change.

IDA's preliminary investigations show that 1,560 users' IDs and passwords were potentially accessed, of which 419 passwords were reset. Password reset notification letters were sent to the registered address of SingPass account holders.

The IDA has filed a police report on Tuesday, but the authority's checks so far show there is no evidence to suggest the SingPass system has been compromised. Passwords of all affected users have been reset, and the IDA is in the process of notifying them.

Said Ms Jacqueline Poh, the Managing Director for the Infocomm Development Authority of Singapore: "For every individual, the incident underlines the importance of taking personal responsibility for cyber security."

"The Government strongly urges all SingPass users to take the necessary precautions to enhance their cyber security. They should ensure that they use strong passwords to access not only SingPass but all the other e-services they subscribe to. Strong passwords contain a combination of numerical figures, capital letters, and are at least eight characters long. Users should also install anti-virus software and update all their software regularly."

The SingPass is a single-factor authentification system for all government e-services. It has 3.3 million users, and covers more than 340 e-services for 64 government agencies. These include services for the Central Provident Fund (CPF) Board, the Inland Revenue Authority of Singapore (IRAS) and the eCitizen online portal. For Singapore citizens and Permanent Residents, the SingPass ID is commonly their identity card (NRIC) numbers. Employment Pass Holders are eligible for the SingPass as well. There were 57 million SingPass transactions in 2013.



- CNA/ly

 

[songsongjurong]

Guess what,?to beef up Singpass security , AIM a $2/- company helm by PAP MP awarded $250million contract with annual maint. contract $25million.

 

[chootchiew]

I don't get it here, IDA is awarded projects to develop Singpass. Now they file a police report, ask police to track for them ? Then police will ask the filer, which is IDA to investigate ?

 

[palden]

Few years ago already happeneing to me. Make police report no use la. No sound no picture. Make use of my account apply for entry permits for PRC.

 

[Narong Wongwan]

Loansharks legal and illegal now ask for singpass....even when apply bank loans also.
Perhaps related?

 

[fishbuff]

just a matter of time.

their databases change hand so many times across multiple vendors. someone with the bright idea would have copied and dumped out the database easily.

 

[samstom]

got happen before, so no precautions taken?
http://features.insing.com/feature/...or-visa-applications-id-52523f00/id-52523f00/

A pilot has posted a complaint on Deputy Prime Minister and Home Affairs Minister Teo Chee Hean’s Facebook page saying that his SingPass was hacked and used to sponsor seven visa applications.

This is the second time such an incident has happened this month. Earlier this June, the SingPass account of an IT employee was allegedly hacked and also used to apply for seven visas.

The pilot, 42 year-old Raymond Lim, only found out his SingPass was hacked when he received a call from the Immigration & Checkpoints Authority of Singapore (ICA) on 25 June asking for his assistance on two incomplete visa applications.

According to the report in Lianhe Wanbao, Mr Lim received the call from ICA at 7.30am that day telling him that two visa applications he was sponsoring, which were intended for Chinese nationals, had no photos of the applicants and could not be processed. He was asked by ICA to send over photos of the two applicants.

Mr Lim said he was shocked and quickly informed the person from the ICA that he had not sponsored any visa application. He later found the names and particulars of five more strangers listed under him when he logged on to the e-Visa Pass Status Enquiry section on the ICA website. The five consisted of males and females aged between 10 and 45-years old.

The two applications ICA had rung him about were also listed, and marked ‘incomplete’.

In the same report by Lianhe Wanbao, the man was interviewed saying, “This is outrageous!” he said. “I have not applied for anything or signed anything, yet five applications were approved. What is wrong with our country’s security system?”

He added that he was unsure whether the five people whose visas were approved have already entered Singapore and is worried that he might be implicated if they engage in any illegal activities.

Mr Lim believes that his account might have been hacked when he tried to apply for a visa for his mother-in-law. He said that he filled in an online form on the ICA website when his mother-in-law from China wanted to stay in Singapore for a short while. He said his mother-in-law’s application was rejected.

According to Mr Lim, the ICA told him to change his SingPass password immediately and said that they will be investigating all applications that have been filed using Mr Lim’s account.

 

[halsey02]

>Mr Lim believes that his account might have been hacked when he tried to apply for a visa for his mother-in-law. He said that he filled in an online form on the ICA website when his mother-in-law from China wanted to stay in Singapore for a short while. He said his mother-in-law’s application was rejected>

Mr.Lim & his China Mother In Law are 'recruiter'....ha ha ha

 

[JHolmesJr]

A better plan would be to send out approval letters to all the cunts who hacked the guys account and catch them when they show up.

 

[halsey02]

A better plan would be to send out approval letters to all the cunts who hacked the guys account and catch them when they show up.

They suspected Mr. Lim was the ring leader & his mum in law was the backer... ha ha ha so they contacted him...

 

[JHolmesJr]

Aah....'contacted'.....ok.

 

[halsey02]

Aah....'contacted'.....ok.

The pilot, 42 year-old Raymond Lim, only found out his SingPass was hacked when he received a call from the Immigration & Checkpoints Authority of Singapore (ICA) on 25 June asking for his assistance on two incomplete visa applications."

ICA : Pilot Lim over
Pilot Lim : Send Over

so they CONTACTED him....

ICA : Meet me at Sector Lavender & come to India Charlie Alpha building over..
Pilot Lim : Roger & Out.

 

[laksaboy]

It is such a great relief to have never logged into a Gov sg website using Singpass.

It is a stupid system anyway.

 

[Satyr]

Guess what,?to beef up Singpass security , AIM a $2/- company helm by PAP MP awarded $250million contract with annual maint. contract $25million.

Singpass is single factor authentication , not good

 

[samstom]

Is sinkpass under Yakult's ministry? It was just Yesterday only Yakult and pinkie say they want to fix Trolls on his fb
now their SinkiePass 1,500 accounts tio hacked,so they song or not?

Will he say Sorry or blame it on sinkees again?

 

[po2wq]

... Will he say Sorry or blame it on sinkees again?

ah yakobz wil use his favorite line ofcos! ...

it happens once in 50 yrs! ...

 

[kingrant]

Indeed, God moves in mysterious ways...so does the PAP.

I don't get it here, IDA is awarded projects to develop Singpass. Now they file a police report, ask police to track for them ? Then police will ask the filer, which is IDA to investigate ?

 

[makapaaa]

Said Ms Jacqueline Poh, the Managing Director for the Infocomm Development Authority of Singapore: "For every individual, the incident underlines the importance of taking personal responsibility for cyber security."

=> Oh, it becomes SGs' fault again? 60%, song bo?

 

[Spock]

I don't get it here, IDA is awarded projects to develop Singpass. Now they file a police report, ask police to track for them ? Then police will ask the filer, which is IDA to investigate ?

They may require police approval to obtain personal information from the telcos or if they manage to trace the perpetrators as originating outside of SG, they will require police assistance with cross-border investigations.

 

[Confuseous]

"The IDA has filed a police report on Tuesday, but the authority's checks so far show there is no evidence to suggest the SingPass system has been compromised. Passwords of all affected users have been reset, and the IDA is in the process of notifying them. (If this is not a compromise, then what must happen before the system is compromised. Seemingly, just another attempt at play of words).

Said Ms Jacqueline Poh, the Managing Director for the Infocomm Development Authority of Singapore: "For every individual, the incident underlines the importance of taking personal responsibility for cyber security." (What the fcuk. IDA computer got hacked, and we are told to be responsible for our own cyber responsibility? What have THEY done to ensure that our data are protected?)