It looks like Airasia’s Bigprepaid.com is not the only website affected by a hidden cryptocurrency mining breach today.
Tuneprotect.com, which is owned and operated under the Tune Group banner is also affected by a similar breach.
However in both the incidences of Bigprepaid and Tuneprotect, the code was encrypted and hidden so we are quite sure that this was done with some malicious intent to avoid the cryptocurrency miner being detected by users, or even the legitimate owners of the site.
At time of writing, the site remains up and running.
(UPDATE – 7PM):
The offending code has been removed from the site.
(UPDATE – 824PM):
Tune Protect has released a short statement regarding today’s incident, as shown in its fully below:
We would like to assure our customers that we take their privacy seriously and have strong controls in place to protect their data. There are no personal data nor information breaches from this issue. – Razman Hafidz Abu Zarim, Group CEO, Tune Protect Group Berhad.
In general, the statement seems to be similar to the one released for AirAsia BIG Prepaid’s incident. Nevertheless, Tune Protect existing and potential customers should now be able to browse the website without worrying about unauthorized use by cryptocurrency script.