{
	"id": "7d27f88d-d209-4577-8883-a2aa87c314a1",
	"created_at": "2026-04-11T02:23:22.932413Z",
	"updated_at": "2026-04-11T02:24:15.549214Z",
	"deleted_at": null,
	"sha1_hash": "4c4066b96e07e98c093316d8009d44f4c7946883",
	"title": "Malaysian Telecom RedOne hit by DESORDEN - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 101583,
	"plain_text": "Malaysian Telecom RedOne hit by DESORDEN -\r\nDataBreaches.Net\r\nPublished: 2022-09-27 · Archived: 2026-04-11 02:09:33 UTC\r\nOn September 19, DESORDEN Group claims to have hit redONE Network Sdn Bhd. redONE is a telecom in\r\nMalaysia with more than 1.2 million subscribers. redONE also offers financial services via bank partnership (its\r\nredCARD program) and insurance services via insurer partnership (its redCARE program).\r\nAccording to statements made to DataBreaches by DESORDEN, when redONE didn’t respond to DESORDEN’s\r\ndemands, DESORDEN launched a second attack on or about September 21, hitting their redCARD and redCARE\r\nprograms.\r\nAs DESORDEN wrote on a popular hacking forum:\r\nThis data breach involved both redONE databases and source coding. Personal data include full name,\r\nNRIC (national identification number), address, phone, email, etc.\r\nAs is their usual pattern, DESORDEN provided samples of data. In this case, there were samples from redONE,\r\nredCARD, and redCARE. All three samples included personal information on customers, and all three samples\r\nhad fields for NRIC.\r\nDataBreaches ran some of the sample data through redONE’s site and confirmed that individuals whose NRIC\r\nappeared in the sample data from redONE do have or did have accounts with redONE. The ID checker page has\r\nsince been taken offline by redONE, but an archived copy of the form as it appeared last year appears below. To\r\nverify that the data in DESORDEN’s sample were real, DataBreaches picked some random entries in the redONE\r\nsample, entered the NRIC in the “Identification No” field, and entered the captcha.  For each NRIC tested, the\r\nredONE checker returned information on the customer’s Account ID, when the account was activated and when it\r\nterminated.\r\nredONE’s ID checker site was taken offline since yesterday. This image is an archived copy from\r\narchive.org from 2021..\r\nhttps://www.databreaches.net/malaysian-telecom-redone-hit-by-desorden/\r\nPage 1 of 2\n\nAlthough DESORDEN has been just leaking some data recently rather than trying to sell it, they claimed that if\r\nthey did not hear from redOne within 48 hours of their last email, the data will be posted for sale publicly. It has\r\nbeen about 24 hours or so since their last email.\r\nDataBreaches sent email inquiries to redONE yesterday to ask them if they would confirm or deny\r\nDESORDEN’S claims about the breach but has received no reply.\r\nSource: https://www.databreaches.net/malaysian-telecom-redone-hit-by-desorden/\r\nhttps://www.databreaches.net/malaysian-telecom-redone-hit-by-desorden/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/malaysian-telecom-redone-hit-by-desorden/"
	],
	"report_names": [
		"malaysian-telecom-redone-hit-by-desorden"
	],
	"threat_actors": [],
	"ts_created_at": 1775874202,
	"ts_updated_at": 1775874255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4c4066b96e07e98c093316d8009d44f4c7946883.pdf",
		"text": "https://archive.orkl.eu/4c4066b96e07e98c093316d8009d44f4c7946883.txt",
		"img": "https://archive.orkl.eu/4c4066b96e07e98c093316d8009d44f4c7946883.jpg"
	}
}