Despite thousands of customers complaining about a hack, the Malaysian bank CIMB has denied security breaches affecting its online banking portal.
The Kuala Lumpur – based CIMB, the fifth largest bank group in ASEAN and the second largest bank in Malaysia, refuted on Monday all allegations that its online banking portal was affected by a security breach.
During the weekend, several customers had complained to the social media that their accounts had been hacked. In a press release dated 17 December 2018, CIMB assures its customers that the website is safe. The statement reads that “CIMB Bank Berhad (” CIMB” or “the Bank “) wishes to address recent news from social media about the alleged insecurity of its online banking portal, CIMB Clicks. Please note that our CIMB Clicks system remains secure and all transactions of customers remain protected. ”
The statement also details the measures taken by the bank to improve the security of all online transactions. ” The bank wishes to inform you that it has introduced a number of additional measures during the weekend to improve the security of its CIMB Clicks transactions. In addition to ensuring that the system can now accommodate passwords longer than 8 (8) characters and up to 20 characters, we have also added the CIMB Clicks reCaptcha security measure to ensure that the user is not a bot, “-the media statement says.
During the weekend, many people made social media posts alleging breach and hacking. The Straits Times reports that the statement from the bank’s media, “… came hours after Mr. Vijandren Ramadass, founder of the Lowyat.net technology portal, posted the alleged breach on Sunday.” Ramadass ‘s words-” Something strange happens with CIMB clicks and there are reasons to be concerned about their rather abrupt implementation of a reCaptcha code on their login page today… we are not publishing details for now, as this could lead to more abuse.
We recommend that you change your password to something complex using an online password generator until this massive security flaw has been corrected. “Many CIMB customers claimed that their debit cards were charged via PayPal even if they had never subscribed to PayPal services. Users said they had lost money with several PayPal transactions, which they had never done before.
Some of them explained that they didn’t even have PayPal accounts, but saw several transactions happen in about an hour. Some social media users urged people to take care of online transactions and not to use the online portal at all if possible. They also requested people to call the bank if they were hit. Some users even attributed the incident to an attack involving “buffer overflow”.