Categories: Digital LifeNews

CIMB Clicks ‘kena hacked’ concern: Here are 4 things you need to know

Over the weekend, there were grave concerns about CIMB Clicks’ security. A couple of CIMB customers had posted on Facebook that their bank accounts were being emptied through multiple transactions in the past few days. Adding more to the confusion is the appearance of a Google reCAPTCHA feature on the login page of CIMB Clicks. 

Here’s a recap of what we know so far. 

Debit Card Transactions

At the moment, most of the alleged cases involved debit cards and unauthorised transactions via PayPal. Interestingly, one of the victims had reported that he has never created a PayPal account before. It was also alleged that you can add a CIMB card to Paypal without mobile number verification. 

Alleged stolen card information

On last Wednesday, ZDNet security reporter, Catalin Cimpanu, had tweeted that an alleged hacker had bought a large stash of card numbers and was trying to look for a cash-out partner to target CIMB Bank. 

Do note that we can’t confirm if this is linked to the current unauthorised debit card transactions issue. 

reCAPTCHA for added security

Many were also surprised to see a reCAPTCHA feature that was introduced on the login pages over the weekend. Some had doubts if they have landed on a genuine CIMB Clicks website and had urged others not to log in. 

CIMB has confirmed via social media that they have enabled reCAPTCHA as an added security precaution. In case you didn’t know, reCAPTCHA is a feature by Google that’s designed to fight bots and potential spam. If a visitor is deemed suspicious, it will perform a test to confirm that a human is accessing the website. 

This isn’t entirely new and some online banking platforms in Australia and New Zealand are using Google reCAPTCHA.

Successful login with “Wrong password”

It was also alleged that CIMB Clicks accounts can be accessed with the wrong password. The video below was circulating online but it is worth pointing out that you’ll need to enter the first 8 characters correctly before you can login. If a person tries to login to your account, that means they would need to know your actual password first. It is recommended that you use a complicated password with a mixture of uppercase, lowercase, numbers and symbols. 

Nevertheless, it is still a concern which CIMB needs to clarify. Prior to this, CIMB Clicks has a password limit of 8 characters but they have increased the limit to more than 8 characters starting today. 

UPDATE: According to CIMB, it is normal to be able to login with additional characters added to the password. 

We have reached out to CIMB’s Corporate Communications department for further clarification. We’ll update once we have gotten an official response. 

UPDATE: CIMB has issued an official statement and they assured that their systems remain secure. 

Recent Posts

Prime Minister’s Department: Over 1,500 cyberattacks launched at ministries’ infrastructure systems

There have been over 1,500 cases of cyberattacks launched against Malaysian ministries' infrastructure systems in…

4 hours ago

Malaysia’s largest DC charging hub is opening soon at Iskandar Puteri, Johor

DC Handal is expected to unveil what appears to be Malaysia's largest EV charging hub…

20 hours ago

Realme GT 7 Pro coming to Malaysia as first smartphone with Snapdragon 8 Elite chip, launching 18th November

Realme has debuted its latest flagship smartphone, the Realme GT 7 Pro in China, featuring…

20 hours ago

Malaysia to kill off NGVs in 2025 due to safety concerns

Malaysia will ban natural gas vehicles (NGVs) on 30 June 2025. Subsequently, no new natural…

21 hours ago

Is your iPhone 14 Plus having camera issues? Apple has a solution for you

Apple has launched a service program for the iPhone 14 Plus where certain units fail…

23 hours ago

U Family 128: U Mobile offers 1000GB shared data with 4 lines and free roaming for RM128/month

U Mobile has introduced its new U Family 128 offering, a new family plan which…

1 day ago

This website uses cookies.