380,000 E-Pay Malaysia Accounts’ Customer Data Are Sold Online
E-Pay Malaysia, a local e-payment provided has just seen a large number of their customer data being sold online. Discovered by @Bank_Security on Twitter, customer data of 380,000 E-Pay accounts dated from January 2020 are being sold on a well-known hacker marketplace forum.
E-Pay Malaysia customer database leaked
A Threat Actor is selling 380,000 customers PII Data and credentials related to the online payment system e-pay (https://t.co/2G2LJl9LZZ) located in Malaysia 🇲🇾. pic.twitter.com/bLKTnM8rxm
— Bank Security (@Bank_Security) February 2, 2021
@Bank_Security is a Twitter account who regularly provides updates on bank security breaches and cybersecurity issues from every part of the world. According to the seller, the database contains private customer details which include usernames, email addresses, customer date of birth, contact addresses as well as customers’ mobile phone numbers.
Our friends over at Lowyat.NET uncovered via a cache search that the seller was selling the E-Pay Malaysia customer data for a mere USD300 (RM1217.55). The listing of the database has since been removed from the database marketplace forum.
We strongly suggest that existing users of E-Pay Malaysia change their usernames and passwords as soon as possible following this unfortunate event.
Pokdepinion: Security breaches like this are always scary to me. I hope that E-Pay gets this sorted out and gets their security strengthened ASAP.