16 Billion Passwords Leaked: Why Malaysians Should Take Digital Security Seriously

30/07/2025 05:02 PM
By Nur Farah Ilyana Idros

In June 2025, researchers uncovered what is believed to be the largest data breach in history. More than 16 billion passwords linked to major platforms like Google, Apple, Facebook and others were found exposed online.

This was not simply a case of old data being reused. Experts confirmed that the breach included fresh, active login credentials. This makes it especially dangerous, as cybercriminals could target almost any online service using the stolen information.

Even more concerning is that not all the data was stolen through sophisticated hacking. Much of it was exposed due to simple human error, such as saving passwords in unsecured files or reusing weak passwords across different platforms.

A comprehensive academic study, published in Communications of the ACM, which analysed over 28 million users across 107 services, found that only 17% of users created fully unique passwords for each account.

A staggering 38% used the exact same password, and another 20% made only minor tweaks, such as changing a number or adding a symbol.

This means a single compromised password could grant access to multiple linked accounts, including email, banking, and sensitive government platforms.

What does this mean for Malaysians?

As Malaysia moves further into the digital space, this global breach should serve as a local warning.

Malaysians are increasingly relying on the internet for essential services such as banking, shopping, healthcare and accessing government and private services. But with increased convenience comes increased exposure.

Local threats are on the rise. Between 2024 and 2025, a total of 96 data breach incidents involving public sector user accounts were recorded by NC4 under the National Cyber Security Agency (NACSA), with cases almost doubling from 34 in 2024 to 62 in 2025.

Most of these incidents involved stolen usernames and passwords, through phishing, ransomware, or other cyberattacks.

While the exact source of each breach is often unclear, one thing is certain: cyber threats are becoming more frequent and sophisticated. Malaysians must stay alert and take steps to protect their digital identities.

Strengthening our digital foundations

This is where stronger systems come in, not just for companies, but for individuals. One promising development is MyDigital ID, Malaysia’s national digital identity initiative.

MyDigital ID provides a secure and verified identity layer by using biometric features such as fingerprints or facial recognition to confirm a user’s identity, uniquely verified against an official government database.

This ensures that only the rightful individual can access digital services, whether it's for government or private platforms.

Unlike traditional username-and-password logins, MyDigital ID supports multi-factor authentication to strengthen trust and security in the digital space, helping to protect users from impersonation and unauthorised access through stolen credentials.

Even in the face of widespread data breaches, users remain protected with MyDigital ID because access depends on who you are, not just what you know.

Importantly, MyDigital ID is public digital infrastructure, aimed at increasing trust in the digital ecosystem and simplifying how we securely access services.

It represents a shift in how we think about digital identity, from weak, repeated logins to secure, centralised verification.

The rollout of MyDigital ID focuses on trust, transparency, and user protection, values that are urgently needed in today’s threat landscape.

What you can do now

While governments and companies continue strengthening their systems, individuals remain the first line of defence.

That starts with adopting better habits: always enable two-factor authentication when offered, especially for your most sensitive accounts like banking and email. Avoid saving passwords in browsers or unsecured files.

Perhaps most importantly for Malaysians, it’s time to seriously consider registering for MyDigital ID.

It offers a safer way to access digital services without relying solely on passwords, and as it becomes more widely integrated into both government and private systems, it will offer more convenience without compromising security.

It’s one of the most practical steps you can take today to future-proof your digital life.

Finally, stay informed. NACSA regularly shares cybersecurity alerts and best practices. Following these sources, not just news headlines, can make all the difference when the next breach happens.

Looking ahead

“This breach is a wake-up call for all of us. The internet isn’t getting safer on its own, and traditional passwords won’t keep up with today’s threats. Protecting your digital identity is no longer optional. It is essential,” says Nik Hisham Nik Ibrahim, Chief Executive Officer, MyDigital ID Sdn Bhd.

With good habits, stronger technology and reliable platforms like MyDigital ID, Malaysians can take control of their digital safety. Check your accounts, stay alert and make security part of your everyday digital life.

MyDigital ID

MyDigital ID is a safe and trusted digital identity platform that is designed to strengthen and simplify online identity verification, without replacing the MyKad system.

It works as a single login solution for digital services, offering greater safety and accessibility to citizens in accessing online services and performing transactions.

MyDigital ID prioritises data safety and privacy. It does not store any biometric data or personal database, and it does not function as a replacement for MyKad for identification purposes.

Please visit www.digital-id.my for further information.

-- BERNAMA

Nur Farah Ilyana Idros is a Public Relations and Communications Officer at MyDigital ID Sdn Bhd.

(The views expressed in this article are those of the author(s) and do not reflect the official policy or position of BERNAMA)