While it’s fright day today in the US, the alarming news comes from Malaysia. Records of 46.2 million mobile numbers from Malaysia have turned up for sale online.

Online forum and news site Lowyat.net filed a preliminary report on the data breach 12 days ago, but confirmed details yesterday. In its investigation, it has concluded that the stolen data has already changed hands more than once.

While Malaysia’s population amounts to only about 32 million, it is believed that many have multiple phone numbers. The cache of sensitive information–which includes user names, phone numbers, addresses, SIM card data, and other customer details–could expose affected Malaysians to phishing/social engineering attacks. What’s more, the leaked data could enable hackers to clone phones–a tactic that would let them hijack accounts and potentially intercept messages. As The Nation Thailand Portal reports, “the private details of almost the entire population may have fallen into the wrong hands.”

India Ashok reports in International Business Times that the subscriber data “appears to come from major local operators including, DiGi, Celcom, Maxis, Tunetalk, Redtone and Altel.”

Ashok also added that the dark web allegedly contained databases of more than 80,000 records from the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA) and the Malaysian Dental Association (MDA).

Read the full story of the mobile data breach at Lowyat.net.