• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Shiok?! hackers finally attacking your SINGPASS PAP finished & us as well

tun_dr_m

tun_dr_m

Alfrescian
Loyal
http://news.asiaone.com/news/digital1/more-1500-singpass-accounts-accessed-illegitimately-ida

More than 1,500 SingPass accounts accessed 'illegitimately': IDA

131

14

0

20140604_singpass.jpg
Irene Tham
The Straits Times
Wednesday, Jun 04, 2014

In a hastily-called press conference late Wednesday evening, the Infocomm Development Authority (IDA) said it was notified on June 2 by its contractor, locally-based CrimsonLogic, that a number of SingPass users had received a SingPass reset notification letter although they did not request for any password reset.


Get the full story from The Straits Times.

Here is the statement from IDA:

On Monday, June 2, 2014, IDA was notified by the SingPass operator that a number of SingPass users had received a SingPass Password Reset Notification Letter even though they did not request for any password reset.

IDA's preliminary investigations revealed that 1,560 users' IDs and passwords had potentially been accessed without the users' permission.

An anomaly was detected between the number of mobile numbers used for Immediate Reset One-Time Passwords and the number of SingPass accounts that they were tied to.

Of these 1,560 users, 419 passwords were also reset triggering the SingPass Password Reset Notification Letters to be sent to the registered address of the actual account holder.

A police report was lodged on June 3, 2014 and the matter is currently under investigation.

Based on IDA's checks, there is no evidence to suggest that the SingPass system has been compromised.

The passwords of all affected users have been reset and we are in the process of notifying them of this incident.

"For every individual, this incident underlines the importance of taking personal responsibility for cyber security. The Government strongly urges all SingPass users to take the necessary precautions to enhance their cyber security. They should ensure that they use strong passwords to access not only SingPass but all the other e-Services they subscribe to. Strong passwords contain a combination of numerical figures, capital letters and are at least eight characters long. Users should also install anti-virus software and update all their software regularly," said Ms Jacqueline Poh, Managing Director of the Infocomm Development Authority of Singapore.

The Singapore Government takes cyber security very seriously. The protection of personal data and the delivery of secure e-Services are critical. We will continue to strengthen all Government e-Services as part of on-going efforts to enhance security. Users can visit the GoSafe Online website at www.gosafeonline.sg to learn more about how to protect themselves against cyber threats or seek assistance.
Pages
 
laksaboy

laksaboy

Alfrescian (Inf)
Asset
The Singapore Government takes cyber security very seriously. The protection of personal data and the delivery of secure e-Services are critical. We will continue to strengthen all Government e-Services as part of on-going efforts to enhance security. Users can visit the GoSafe Online website at www.gosafeonline.sg to learn more about how to protect themselves against cyber threats or seek assistance.
Click to expand...

SG gov... please fuck off with that bullshit. :rolleyes:
 
tun_dr_m

tun_dr_m

Alfrescian
Loyal
http://www.todayonline.com/singapore/1560-singpass-user-accounts-breached


1,560 SingPass user accounts breached
1,560 SingPass user accounts breached
Screenshot of the SingPass reset website.
Passwords reset, personal information possibly exposed, but no losses reported so far

mail
print
View all 0 comments
Share on Tumblr

By
NG JING YNG
Published: June 5, 4:04 AM
(Page 1 of 2) - NEXT PAGE | SINGLE PAGE

SINGAPORE — More than 1,500 SingPass accounts have been cracked, possibly exposing these users’ sensitive personal information, such as where they live and how much they earn.

Although no losses have been reported so far and there is no evidence at this point to suggest that SingPass’ system has been compromised, about one-quarter, or 419, of these users have had their passwords illegally reset, said the Infocomm Development Authority of Singapore (IDA) yesterday.

SingPass was set up for Singapore residents — aged 15 and above — in 2003 to perform more than 340 online transactions with government agencies. Examples of these transactions include accessing Central Provident Fund accounts, filing income taxes and checking medical records. There are now more than 3.3 million SingPass users.

The breach surfaced over the weekend when 11 SingPass users raised the alarm after receiving letters informing them that they had requested for a password reset, though they had not.

After SingPass operator CrimsonLogic flagged the problem on Monday evening, the IDA launched a probe and learnt the scale of the breach: A total of 1,560 SingPass users have had their account profiles illicitly updated to be tied to a disproportionately small pool of Singapore-registered mobile numbers. The IDA declined to say how many of these suspicious mobile numbers there were.

A one-time password is sent to a user’s listed mobile number as an added layer of security check when he or she wants to change his or her SingPass password. Further, the user also has to answer at least two out of a list of questions, for verification.

In a hastily-convened press conference yesterday evening, the IDA said it lodged a police report on Tuesday. The SingPass passwords of all of those affected have also been reset and users are in the process of being notified.

The latest breach comes in the wake of several cases of confidential private data being stolen. For instance, in December last year, Standard Chartered said bank statements of 647 of its private banking clients had been stolen from a server of a printing company.

A month earlier, the data of about 4,000 individuals — including their names, email addresses, phone numbers and, in some cases, nationalities — that was stored on the Singapore Art Museum’s (SAM) website was exposed on an overseas website earlier that month.

IT security experts told TODAY the breach could have been due to SingPass data being stolen from some online database, or through leaks exploited by malware infecting users’ computers.
(Page 1 of 2) - NEXT PAGE | SINGLE PAGE
Pages


Passwords reset, personal information possibly exposed, but no losses reported so far

mail
print
View all 0 comments
Share on Tumblr

By
NG JING YNG
Published: June 5, 4:04 AM
(Page 2 of 2) - SINGLE PAGE

Mr Anthony Lim, who is a member of the Application Security Advisory Board at not-for-profit association for information security professionals ISC2, said data containing SingPass account information could have been inadvertently leaked or found by the perpetrators.

Mr Chong Rong Hwa, staff malware researcher from network security firm FireEye, said: “The attackers could then guess the passwords if the user did not use a strong password.” He pointed out that users could have also infected their computers unknowingly by visiting websites with malicious bugs. The software would then be able to capture data from the users’ computers, including NRIC or personal information they had previously keyed in.

While the experts agreed that users have a part to play by changing their passwords regularly, Mr Chong suggested that security for the SingPass system be beefed up by installing a mechanism that sends out alerts when a hitherto infrequent SingPass user’s account sees a spike in activity, for instance.

A two-factor authentication system — a standard feature for e-banking — could also be considered, though Mr Chong pointed out challenges such as the cost of issuing all users with a security token, as well as having to revamp the system.

Currently, users only need to key in their NRIC and SingPass password.

Ms Jacqueline Poh, IDA managing director, said: “We continue to explore the use of two-factor authentication for e-government transactions, particularly for those involving sensitive data ... In the meantime, we have put in place multiple levels of security such as captcha and sending letters to your residential addresses when SingPass passwords have been changed. These measures are already in our system.”

She stressed that this incident underlines the importance of taking personal responsibility for cybersecurity. “The Government strongly urges all SingPass users to take the necessary precautions to enhance their cybersecurity ... Users should also install anti-virus software and update all their software regularly,” she added.
 
You must log in or register to reply here.

Similar threads

SBFNews
New Singpass face verification feature for CPF log-in to protect vulnerable Singaporeans against malware scams
Replies
3
Views
773
k1976
k1976
meaninglesslife
Telegram tells PAP to fuck off
Replies
0
Views
816
meaninglesslife
meaninglesslife
meaninglesslife
adrian kong kana rob
Replies
1
Views
750
ODACHEK
ODACHEK
Hightech88
Singaporean family 'went into a state of shock' after seeing S$150,000 in life savings drained by egg scam
2
Replies
30
Views
2K
millim6868
M
T
PAP to Hackers! New Singpass opportunities Pse Cum & HACK the fuck of it! Hack LHL's Bank Statement put online! Not his cancer details pse!
Replies
1
Views
3K
steffychun
S
Top