Malaysian Bank CIMB Denies Security Breach

The Malaysian bank CIMB has denied security breach affecting its online banking portal, despite thousands of customers complaining of a hack.

The Kuala Lumpur-headquartered CIMB, which is the fifth largest banking group in ASEAN and the second largest bank in Malaysia, refuted on Monday all allegations that there has been a security breach affecting its online banking portal. Several customers had taken to the social media over the weekend complaining that their accounts had been hacked.

In a media statement dated 17 December 2018, CIMB assures customers that the website remains secure. The statement reads, “CIMB Bank Berhad (“CIMB” or “the Bank”) would like to address recent social media news on the alleged insecurity of its online banking portal, CIMBClicks. Please take note that our CIMBClicks system remains secure and all customers’ transactions continue to be protected.”

The statement also elaborates on the measures that the bank has taken to enhance the security of all online transactions. “The bank would like to inform that it had, over the weekend, introduced a few additional measures to enhance the security of its CIMBClicks transactions. Apart from ensuring that the system is now able to accommodate passwords longer than eight (8) characters and up to 20 characters, we have also added the reCaptcha security measure on CIMBClicks to ensure the user is not a bot,”- says the media statement.

Many people had made social media posts during the weekend alleging breach and hack. The Straits Times reports that the bank’s media statement, “…came hours after Mr. Vijandren Ramadass, the founder of tech portal Lowyat.net, made a posting about the alleged breach on Sunday.”
The report quotes Mr. Ramadass’ words- “Something strange is happening with CIMB Clicks, and judging by their rather abrupt implementation of a reCaptcha code on their login page today, there are reasons to be concerned…We are not publishing details for now, as it might lead to more abuse. We recommend changing your password to something complex using an online password generator until this massive security flaw is patched.”

Many customers of CIMB alleged that their debit cards were charged through PayPal even though they hadn’t ever subscribed to PayPal services. Users stated that they had lost money with multiple transactions from PayPal, which they had never done. Some of them clarified that they didn’t even have PayPal accounts, but saw multiple transactions happening in just one hour or so. Some users took to the social media urging people to be careful with online transactions and if possible not to use the online portal at all. They were also asking people to call the bank if they had been hit. Some users even attributed the incident to a “buffer overflow” attack.