Jump to content

1560 SingPass accounts hacked?

Darthrevan

By Darthrevan,
in Lite & EZ

 Share

Recommended Posts

Sosaria

Sosaria

Twincharged

 

huh? Orr... I thought now better because they won't pass their handphones to us... [;)] even if using token only those with the token then can login... if not how?

 

That's what I'm talking about. The elderly will give their password AND token to the person who help them deal with all this high-tech computer thingy beyond their understanding... ! Back to the same old problem of lack of security.

 

Not blaming the older generation, but really a problem of the system design and implementation that no one thought about or just brushed aside.

↡ Advertisement
Link to post
Share on other sites
Thedream

Thedream

3rd Gear

 

That's what I'm talking about. The elderly will give their password AND token to the person who help them deal with all this high-tech computer thingy beyond their understanding... ! Back to the same old problem of lack of security.

 

Not blaming the older generation, but really a problem of the system design and implementation that no one thought about or just brushed aside.

 

yah lor, so only the person with the token can login, unlike previously anyone who knows the password can login - more secure, no?

Link to post
Share on other sites
Showster

Showster

Twincharged

No worries, we have the Lemon Law to protect against lemons.

Your SingPass is worth $100 each, to apply for visa.

 

Man sold SingPass account details to China syndicate

 

A former administrative assistant cracked the passwords of about 300 SingPass account holders, then sold the details to a China-based syndicate involved in sham Singapore visa applications.

James Sim Guan Liang, 39, pleaded guilty to 73 charges yesterday and had another 813 taken into consideration. Most of the offences committed come under the Computer Misuse Act.

Between March and May 2011, Sim made tens of thousands of log- in attempts from his home in Toa Payoh, after realising that people could use their NRIC number as their SingPass password.

He keyed the SingPass log-in details into the e-services websites belonging to the Media Development Authority and Central Provident Fund Board.

To increase his chances of cracking the passwords, he would make changes to the last one or two digits of the SingPass ID and its alphabet suffix. Once successful, he would use the credentials to log onto a different government website to retrieve the account holder's personal particulars.

 
 

After compiling these details, Sim would e-mail them in batches to a person with the pseudonym "Lemon", to help the syndicate make a false statement to get a Singapore visa. Details from 293 SingPass accounts were unlawfully disclosed by Sim, who received $300 for each batch he gave to Lemon.

The syndicate, based in Zhejiang, successfully applied for 23 visas. Twenty Chinese nationals entered Singapore using those visas.

Three were subsequently found to have committed criminal offences while in Singapore. They have since been dealt with and repatriated. The status of the rest is not known.

Sim became involved in the syndicate in 2006, after meeting Lemon at a gathering with members from a now-defunct social networking website. Lemon told Sim he could make some money by handing his NRIC over for a day.

http://www.straitstimes.com/singapore/courts-crime/man-sold-singpass-account-details-to-china-syndicate

 

  • Praise 1
Link to post
Share on other sites
Jman888

Jman888

Moderator

so what can they do with your singpass n pw

they cant even take your money in there

 

 

if can take, everyone will be praising that guy as hero liao   [laugh]  [laugh]

  • Praise 1
Link to post
Share on other sites
Kusje

Kusje

Supersonic

Anybody tried replacing their OneKey token ? Why need to pay $15 ?  [hur]  [hur]

 

You thinking of raiding our reserves ah?

Link to post
Share on other sites
Jman888

Jman888

Moderator

Anybody tried replacing their OneKey token ? Why need to pay $15 ? [hur][hur]

what is that? you not using the sms pin?
Link to post
Share on other sites
Kb27

Kb27

Supersonic

Anybody tried replacing their OneKey token ? Why need to pay $15 ?  [hur]  [hur]

 

hardware always costs money.

Link to post
Share on other sites
Watwheels

Watwheels

Supersonic
(edited)

If using sms pin it's free. First token already given free. Still want to hiam.

 

 

I support making ppl pay after the first token. Becoz there are a lot of idiots and morons out there. They will throw it down a hdb flat, throw it into a pond (just that day I pulled out an obike out of a pond along a park connector), throw and let strangers pick it up and abuse it.

 

Think of it this way....if you had bothered to take care of it you don't even have to worry paying for a replacement.

 

Why do you think govt make ppl pay more and more to get a pink nric card replacement. It's catered for some Singaporeans who couldn't be bothered.

Edited by Watwheels
  • Praise 2
Link to post
Share on other sites
Kusje

Kusje

Supersonic

If using sms pin it's free. First token already given free. Still want to hiam.

 

 

I support making ppl pay after the first token. Becoz there are a lot of idiots and morons out there. They will throw it down a hdb flat, throw it into a pond (just that day I pulled out an obike out of a pond along a park connector), throw and let strangers pick it up and abuse it.

 

Think of it this way....if you had bothered to take care of it you don't even have to worry paying for a replacement.

 

Why do you think govt make ppl pay more and more to get a pink nric card replacement. It's catered for some Singaporeans who couldn't be bothered.

 

What if really spoilt? Or what if battery run out?

 

Banks will give free replacement (after a year I think). 

Link to post
Share on other sites
Watwheels

Watwheels

Supersonic

What if really spoilt? Or what if battery run out?

 

Banks will give free replacement (after a year I think). 

 

According to their website can go to their two office (PSA buidling and International bulding). Need to charge $15 for the replacement it's not stated. Anyway can call up their hotline and enquire. What to do? Ppl like to treat MCF as the universal hotline.

Link to post
Share on other sites
1fast1

1fast1

Supersonic

This one.

 

onekey-token.png

Does using this mean the sms 2fa option is completely inactivated? Because if that is left intact, you are just adding inconvenience with no added security.
Link to post
Share on other sites
1fast1

1fast1

Supersonic

Not all services accept SMS-only, e.g. CDP requires OneKey.

 

I see. I trade through my broker so I am unfamiliar with CDP login.

Link to post
Share on other sites
Mcf777

Mcf777

Turbocharged
(edited)

Anybody tried replacing their OneKey token ? Why need to pay $15 ?  [hur]  [hur]

 

i dont know about your One Key

 

I just replaced my DBS token (no battery), free of charge.

Edited by Mcf777
↡ Advertisement
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...