fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

380k e-pay Malaysia Users Have Had Their Data Allegedly Leaked, Here’s What To Know

380k e-pay Malaysia Users Have Had Their Data Allegedly Leaked, Here’s What To Know

Reports have surfaced that personal details of at least 380,000 e-pay Malaysia customers are being allegedly sold on an online data-sharing forum for US$300 (roughly RM1,215). 

This transaction was highlighted on Twitter and shared on Facebook at 3AM on February 4.

From what we can see of a sample record that has since been deleted on the forum, data being leaked consists of names, full addresses, passwords, mobile phone numbers, and more.

A censored screenshot of a user’s personal information being leaked in the alleged database breach

Also Read: How To Check Data Breach And How Can We Prevent It

Better Safe Than Sorry

Now, it’s unclear whether or not the payment gateway itself has been hacked. This might just be a website hack through e-pay.com.my, as the details shared in the leak line up with the website’s user info field.

Their other products like the online payment gateway and terminal might not be affected, as we haven’t seen any victims sharing on social media that their financial accounts have been affected yet.

On the Facebook post, most commenters who are also users merely voiced out their worries.

To be on the safe side though, e-pay Malaysia users should change their username and passwords immediately, even if they may not be one of the 380,000 users affected.

Additionally, users can consider deactivating or deleting their accounts until e-pay Malaysia makes an official statement on this, or at least avoid making any transactions through the site for the meantime.

Some of its merchants listed on the site

Because e-pay is Malaysia’s largest prepaid top-up and bill collection network, some of its merchants include:

  • Telco companies: Hotlink, DiGi, and Celcom XPAX; 
  • Online game reloads: Steam, Razer Gold, and PlayStation; 
  • Bill payments: Astro, TNB, and Unifi;
  • Retail: Petronas, Aeon, MyNEWS, Petron, MyDin, and Mr DIY;
  • Others: Numoni and Redtone.

They also service most card and e-wallet payments such as Visa, MasterCard, GrabPay, Touch ‘n Go eWallet, etc.

Stopping This From Happening Again

Though there’s likely nothing you can do if your info has already been leaked, commentators are disappointed that it allegedly happened in the first place. 

As we wait for an official report, we noticed some suggestions on Facebook from concerned users on what others could do in the meantime on top of the aforementioned immediate actions.

One option, on top of changing your online banking passwords, is to change the payment account that’s using the debit option. 

If possible, concerned users could request making a new debit card with a new number from your bank (it’s still the same account, under a different number).

On e-pay Malaysia’s end, it is extremely important that they be transparent about providing the exact details of:

  • What had happened;
  • What factors caused it to happen;
  • What actions will be taken against those accountable for this alleged hack;
  • What initiatives e-pay Malaysia (and its merchants, if applicable) will be taking to prevent something like this from happening again in the future.

Also Read: Intrusion Into Privacy All About Law And Legal Definition

As of now, e-pay Malaysia has yet to address user concerns or clarify anything and we have no further way to verify this information, but we hope investigation and a report is underway nonetheless.

Even if this turns out to be untrue, the lack of clarification from e-pay Malaysia could still end up hurting their brand reputation and cause customers to lose confidence in them.

So, we’ve reached out to e-pay Malaysia to get their side of the story and more facts, and will be updating the piece with their responses.

Editor’s Update (February 4, 6:17PM): The e-pay Malaysia team has gotten back to us with a media statement to acknowledge the issue. We’ve summarised their statement below.

The GHL Group on behalf of e-pay Malaysia stated that the above allegations are isolated only to the e-pay online reload and bill payment collection system (EVE).

The EVE system operates on an independent standalone system which does not interfere with the technical operations of other e-pay and GHL merchant acquiring systems and servers, so their other businesses and operations will not be impacted.

Investigations are still being conducted, and the team shared that they’ll continue to update users on the progress and any new findings.

In the meantime, they advised EVE users to go to the official website and change their passwords as precautionary measures, and avoid clicking on unverified email links urging them to update their credentials.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us