In April of this year, a record number of new leaks were recorded when thousands of Singaporeans’ records were on sale in dark forums. These data can be used not only for simple fraud but also by foreign governments to gather intelligence information.
One of the main sources of these leaks is the infamous underground forum XSS. Resecurity analysis reveals that many data leaks were not disclosed by affected organizations, leaving victims unaware of the compromise of their documents. Cybercriminals are also trading forged documents that are extremely hard to differentiate from genuine ones due to the inclusion of complex security features like holograms.
Singpass accounts, which grant access to government and private sector services in Singapore, have also been identified on dark websites. Despite having two-factor authentication, vulnerabilities in Know Your Customer (KYC) processes are often exploited with the help of insiders, leading to fraud, money laundering, and identity theft.
In June 2024, a total of 2377 compromised Singpass accounts were discovered, with Resecurity notifying the victims independently. The main reason for compromise is malware programs that steal information.
To reduce risks, Singapore residents are advised to report any theft of their Singpass accounts promptly, enable two-factor authentication, change passwords regularly, and monitor their account activity closely. Companies, on the other hand, should develop and implement stronger digital identification protection programs to safeguard employees and customers from account hijacking and identity theft.