CIMB ‘kena hacked’: “Our system remains secure”, CIMB issues statement

CIMB has issued a statement with regards to the security concerns raised by a number of its users alleging that the bank’s online banking portal and app are exposed to security vulnerabilities.

The statement is published here in verbatim:

CIMB Bank Berhad (“CIMB” or “the Bank”) would like to address recent
social media news on the alleged insecurity of its online banking portal, CIMBClicks.

Please take note that our CIMBClicks system remains secure and all customers’ transactions continue to be protected.

The bank would like to inform that it had, over the weekend, introduced a few additional measures to enhance the security of its CIMBClicks transactions.

Apart from ensuring that the system is now able to accommodate passwords longer than eight (8) characters and up to 20 characters, we have also added the reCaptcha security measure on CIMBClicks to
ensure the user is not a bot.

Statement from CIMB

The statement raises a few questions as to what had happened over the weekend.

1. Why was the additional security measures deployed in the first place?

2. If the deployment of the security measure is considered routine, why wasn’t a prior announcement made to CIMBClicks users? An announcement about the use of reCAPTCHA as an additional security measure was only made today after it was deployed.

3. The statement has not addressed a number of concerns raised by CIMBClicks customer who noticed an anomaly in the system. One of which allowed customers to log into CIMBClicks even when they entered additional characters into their password string. A few others have also claimed that there were unauthorised PayPal transactions made using their CIMB account. This also has not been addressed.

We’ll continue to update this story as more information becomes available.

More on CIMB ‘kena hacked’: