UPDATE: CIMB has issued an official statement on the security concerns.
It appears that several CIMB Clicks users have reported
On Facebook, a couple of users have reported missing funds with repeated transactions via Paypal. In the examples below, the unauthorised transactions were charged via debit card. Interestingly, one of the alleged victim claimed that he had never created a
At the time of writing, CIMB has not issued any statement or announcement through their website or social channels. We are trying to reach out to them for further clarification and we will update this post once we have received a response.
CIMB’s sudden decision to introduce Google reCaptcha on CIMB Clicks does raise a few eyebrows. It’s a service from Google where it helps to block unwanted spam and abuse to your website. In other words, it’s a test to prove that you’re a human and not a bot that’s trying to brute force their way in.
If you’re a CIMB Clicks customer, it is advisable to check if you have any suspicious transactions. If you received SMS notifications for transactions you didn’t make, do contact your bank immediately so that they can block your card or account from further abuse.
UPDATE: We stumbled upon a tweet by ZDnet security reporter, Catalin Cimpanu, which alleged that a hacker might have obtained a large stash of card numbers. We can’t verify if this is related to the current CIMB Clicks issue.
XMPP spam message:— Catalin Cimpanu (@campuscodi) December 11, 2018
Hacker looking for a cash-out partner to target CIMB Bank (Malaysian bank).
I’ll presume he just bought a large stash of card numbers and he needs to monetize them. pic.twitter.com/b0aDatdpbV