CIMB ‘kena hacked’: CIMB says, reCAPTCHA authentication is an additional measure to “enhance security”

The trigger that had caused many to believe that CIMB’s online banking system had been hacked over the weekend is an added measure to “enhance security”, according to CIMB.

On the announcement page of its website, CIMB said, “we recently introduced the use of reCAPTCHA as an additional authentication measure to enhance customers’ security.” The announcement was made today after the new feature was deployed, presumably, over the weekend.

reCAPTCHA is a feature by Google that’s designed to neutralise threats from bots and potential spam. If a visitor is suspected to be spam or a bot, reCAPTHCA will require the visitor to perform a test to confirm that a human and not a bot trying to access the website.

The use of reCAPTHCA for an added security measure is not uncommon among banks and it is good that CIMB is using the method. However, the way that CIMB chose to deploy reCAPTCHA (that is, with no prior announcements to users) is creating a lot of confusion and concern among the public, and one that is causing a PR nightmare for the bank.

In addition to using reCAPTCHA, CIMB has also updated their password requirements to accept passwords longer than eight characters. This also was not communicated to users prior.

A number of CIMBClicks users were panicking over the weekend claiming that the online banking platform was hacked. Their anxiety was justified, as there was a flurry of social media posts about unauthorised transactions, users being able to log in even when they entered additional characters along with their correct password and the usage of reCAPTCHA as an additional authentication method when it was not required previously.

The requirement to go through a reCAPTCHA authentication to log into CIMBClicks is new for the platform.

CIMB had not informed its users prior and that was had made users concerned about the integrity of the platform. Many had questioned if the website with the newly introduced reCAPTCHA authentication is legit. In the confusion, users warned others to not to log into the website as they were concerned that the website had been hacked. This spread like wildfire on social media and caused the panic.

In any case, if you are a CIMBClicks user it is good for you to take precautions. Change your password to utilise the maximum characters allowed by the system. Even then make sure to make it random and not easily predictable. Better yet, use a password manager like Dashlane to create a completely random password for you for each and every on of your online accounts.

Read more on our coverage about CIMB ‘kena hacked’: