Today, in news of people pwning themselves to make a point that no one was bothering to think about, Tan Kin Lian has literally doxxed himself to show that privacy breaches in government data are no big deal. Then he says that something must be done.
Yes, you read that right. He published his personal information, which includes his full name, personal email, mobile phone number, birth date, and NRIC number. He said that he wanted to show that whenever breaches happen such as the recent health data breach, the public has no reason to worry as two-factor authentication and other measures do help the public from getting harmed.
What exactly did he do to screw himself over in the public eye this time?
Take a look at this Facebook post by OG Singaporean blogger mrbrown:
According to mrbrown, the information published above may be used to impersonate Tan Kin Lian and a loan be made into his name. But someone said that that wouldn’t really well due to the the latter’s history for running for office.
What a burn.
Tan Kin Lian had taken down his post as of publishing. No big deal, huh?
What happened after he published his personal information?
According to a report by The Straits Times, someone had tried to log into his SingPass on Monday, May 27, after he published his data. His access to the SingPass account had been blocked. This means that there were at least six attempts to access his account. When the six attempts happened, the account was shut down.
Even when Tan would change his password, this would only prompt the people who wanted to dix him or get into his data to block his account again. While his data and other particulars were safe, being unable to access the account is still a big problem.
In the post, Tan said, “I sent an e-mail to GovTech to tell them that after I change my password, this mischievous person can try to log into my account again and make another six failed attempts to block my account.
“It happened to me because I publicised my NRIC. But this can also happen to anybody who uses the NRIC to apply for a lucky draw, or to visit a public building.
All it needs is for someone to have the NRIC number and make six attempts to get the SingPass account blocked.”
mrbrown, however, said that while what Tan is saying is true, people can easily change their SingPass account username to something other than your NRIC number or email address. Anyone who kept the same username as they got it simply wasn’t protecting their account enough.
In light of the events concerning his SingPass account, Tan had asked GovTech to block the device that was trying to access his account, instead of blocking his account instead.
In the end, he said that the security system is not balanced, and went further, “Having said that, it is not advisable to publicise one’s NRIC unnecessarily, which is why the Government has enacted restrictions on the collection of NRICs.”
Well of course it isn’t advisable.