Follow up articles:
CIMB Confirms That The Unauthorized Debit Card PayPal Transactions Are Not Related To CIMB Clicks
PDRM: No Reports of Money Missing From CIMB Account Have Been Made So Far
UPDATE (17 Dec 3.00PM): CIMB has published an official statement and FAQ regarding the security issue. More details below.
ORIGINAL STORY (16 Dec 11.16PM)
Something strange is happening with CIMB Clicks, and judging by their rather abrupt implementation of a reCaptcha code on their login page today, there are reasons to be concerned.
We are not publishing details for now, as it might lead to more abuse. We strongly recommend changing your password right now to something complex using an online password generator until this massive security flaw is patched. If you have a CIMB Debit card tied to your banking accounts, we recommend setting its limit to the minimum amount to minimize any potential abuse.
We have reached out to CIMB Malaysia to obtain official clarifications from them. So, stay tuned.
UPDATE (17 Dec 3.00PM)
This morning, CIMB has released a media statement assuring its customers that CIMB Clicks is still secure. Also available on the website itself, the statement also acknowledged the implementation of reCaptcha on CIMB Clicks.
Also accompanying the statement is an FAQ document that contained brief explanations on several aspects of the security implementation within CIMB Clicks.
