Malaysia’s Top Security Official Hacked: WhatsApp Breach Sparks Cybersecurity Fears
Do Son 
Malaysian Minister of Home Affairs, Saifuddin Nasution, has become the subject of widespread ridicule after his WhatsApp account was reportedly compromised. The incident has ignited a storm of concern over the state of cybersecurity in the country—particularly given that the breach involved the head of a ministry responsible for overseeing the police, immigration, border control, prisons, civil registration, and censorship.
The Ministry confirmed that the minister’s account had been compromised by “irresponsible groups” and issued a warning to the public, urging them not to respond to messages or calls from anyone impersonating Saifuddin—especially if they pertain to financial matters or meeting requests.
However, the official statement sparked not worry, but a deluge of sarcasm across social media. Commentators highlighted the absurdity of the situation: if the nation’s chief security official cannot protect his own messaging account, what hope is there for the security of the country’s broader digital infrastructure?
One popular user on X (formerly Twitter), Amirul Ruslan, quipped, “If the Home Minister’s WhatsApp is hacked, consider the rest of us already compromised.” He called for an immediate and comprehensive cybersecurity audit.
Political analyst Syed Akramin went even further, posing a blunt question: “If Saifuddin cannot safeguard his personal communications, how can he possibly secure the entire Ministry?”
Malaysia’s Ministry of Home Affairs has long been criticized for its use of WhatsApp in official capacities. Former Minister Muhyiddin Yassin openly admitted that government officials used a shared WhatsApp group for internal communications.
Cybersecurity experts have repeatedly warned that such practices pose a clear threat to national security, despite the illusion of a “closed circle of trust.” Security specialist Munira Musaffa, in a report for the Lowy Institute, emphasized that using WhatsApp at the highest levels of government violates core principles of state secrecy. According to her, officials operated under the misguided belief that “as long as it’s kept among friends, it’s legitimate,” while ignoring glaring flaws in operational security.
Saifuddin’s case is not without precedent. In February 2025, the X account of Malaysia’s 99-year-old former Prime Minister, Mahathir Mohamad, was hacked and used to promote cryptocurrency scams.
Meanwhile, the Malaysian government continues to market the nation as a future global data-processing hub. Yet such aspirations are increasingly undermined by a string of high-profile cyber incidents. In December 2024, it was revealed that personal data belonging to 17 million citizens—nearly half the country’s population—had been leaked. The breach, amounting to over 740 gigabytes, originated largely from telecom providers and government agencies.
Amidst the fallout, users have begun sharing anecdotes from corporate environments. One individual recounted that his company conducts monthly phishing simulations, with employees who fail the tests required to undergo retraining. “And this isn’t a ministry,” he concluded, “it’s just a private company.”
Donate