Malaysia’s home minister ridiculed after his WhatsApp account hacked
Critics question how Saifuddin Nasution can keep the country safe if he cannot even secure his own phone
Malaysia’s home minister has been hit by a wave of public ridicule after his WhatsApp account was hacked, raising questions over the country’s digital protections when its top security official has been targeted by cyber criminals.
Mobile phishing scams are rampant in Malaysia, with citizens frequently harassed by calls from fraudsters posing as police, banks or courts to extort money under the guise of criminal probes.
The account of Saifuddin Nasution Ismail, head of the Home Ministry – which oversees policing, immigration, border and prisons as well as citizenship registration and censorship of films and books – had been compromised by “irresponsible groups”, his ministry confirmed.
It urged the public not to entertain any messages or calls from anyone purporting to be the minister.
“We remind the public not to be fooled by anyone claiming to be Saifuddin Nasution, especially in matters involving finances or meeting arrangements,” the ministry said.
But rather than acting as a warning, the statement triggered widespread derision online.
Regular social-media commentator Amirul Roslan wrote that if “the literal head of the security apparatus of Malaysia can have his WhatsApp hacked,” then the rest of the leadership was “already compromised.”
“A full security audit is necessary and overdue,” he added.
Others mocked the ministry’s phrasing, asking whether the “irresponsible groups” referred to the hackers or to Saifuddin himself for failing to secure his phone.
If Saifuddin can’t keep his own WhatsApp account secure, how can he secure the Home Ministry?Political commentator Syed Akramin
Political commentator Syed Akramin took it further, writing: “If Saifuddin can’t keep his own WhatsApp account secure, how can he secure the Home Ministry?”
Malaysian Home Ministry officials have previously admitted to using Meta-owned WhatsApp for internal cabinet-level communication – a practice that cybersecurity experts warn against.
Security expert Munira Musaffa gave an example of Saifuddin’s predecessor Muhyiddin Yassin, who openly disclosed that cabinet ministers maintained a WhatsApp group for internal communications.
“They operated with a self-assured conviction that as long as discussions remained within their trusted circle … they were still adhering to the spirit of their equivalent of an official secrets act, despite obvious flaws in operational security,” Munira said in a report for Australian international policy group Lowy Institute.
Other prominent figures have also fallen victim to hacking. In February, Malaysians had a chuckle after the X account of 99-year-old former prime minister Mahathir Mohamad started promoting cryptocurrency.
Despite its ambitious drive to position itself as a global data centre hub, Malaysia has faced a series of embarrassing cybersecurity breaches recently.
In December last year, reports emerged that personal data from 17 million Malaysians’ national ID – half of its 3 million population – were allegedly leaked and sold on the dark web.
CyberSecurity Malaysia reported that most of the leaks came from telcos, followed by government sectors, accounting for more than 740 gigabytes of data.
One social-media user said his company had a cybersecurity refresher course quarterly as well as a monthly phishing simulation.
“Those who failed had to start the course from the beginning,” ChairmanGLC posted. “This is just my company, not the Home Ministry who are in charge of national secrets.”
