Lowyat.NET

Program Subsidi Petrol Microsite Found Disclosing Recipient’s Bank Account Details (UPDATED)

by Vijandren
October 17, 2019

Update 1.05pm 17th October – We can independently confirm that the vulnerability has been fixed, and the site is no longer displaying the account details in a publicly readable format.

Original Story 9.01am 17th October – The Petrol Subsidy Programme microsite was launched on the 15th of October by the Domestic Trade and Consumer Affairs Ministry to help recipients of the recently announced subsidy programme to check on their eligibility status online.

It is estimated that close to 2.9 million recipients of the Bantuan Sara Hidup (BSH) aid will be eligible for the Petrol Subsidy aid, as long as they have a vehicle registered under their name. The bulk of the data for the online check is based on the information provided during the application for the Bantuan Sara Hidup scheme, as highlighted by the honorable Minister, Datuk Seri Saifuddin Nasution Ismail during the launch.

While the site works as intended, we can exclusively reveal that it also exposes the complete private banking details of eligible recipients. Keying in an eligible person’s MyKAD number brings up the usual details, including the Bank Name registered during the Bantuan Sara Hidup application as well as the eligibility amount. Similar to the BSH eligibility check, only the last four digits of the account number are displayed.

However, this is where the similarities end. While account numbers on the Bantuan Sara Hidup site are masked on the backend and only partially sent out, the Program Subsidi Petrol site sends out the complete account number and then masks it on the form itself. A quick check of the source code of the results page reveals the complete bank account number.
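The difference between the two approaches, as an added example that is not code from either site: one renderer ships the full number and leaves masking to the page, the other masks before the response is built, and a release check scans the response body for the unmasked value. The record, field names and markup are constructed assumptions; how the actual site embedded the number is not stated here.

```javascript
// Constructed sample record (not real data); field names are assumptions.
const record = {
  bank: "Example Bank",
  accountNumber: "123456789012",
  amount: 30,
};

// Pattern described in the article: the response carries the full number and
// the page is expected to mask it for display. Anyone viewing source sees it.
function renderMaskedInBrowser(rec) {
  return `<span id="acct" data-full="${rec.accountNumber}">(masked by page script)</span>`;
}

// Backend masking: keep only the last `visible` digits, star out the rest.
// A number no longer than `visible` is fully starred so it is never sent whole.
function maskAccount(acct, visible = 4) {
  const digits = String(acct).replace(/\D/g, "");
  if (digits.length <= visible) return "*".repeat(digits.length);
  return "*".repeat(digits.length - visible) + digits.slice(-visible);
}

// Build the object the template is allowed to see. The full number is not
// copied across, so no template or serializer can emit it by accident.
function toPublicView(rec) {
  return {
    bank: rec.bank,
    amount: rec.amount,
    accountMasked: maskAccount(rec.accountNumber),
  };
}

function renderMaskedOnServer(rec) {
  const view = toPublicView(rec);
  return `<span id="acct">${view.accountMasked}</span>`;
}

// Release check for a test suite: does the response body contain the
// unmasked account number, ignoring spaces and hyphens used as separators?
function leaksFullAccount(body, rec) {
  const normalised = body.replace(/[\s-]/g, "");
  return normalised.includes(String(rec.accountNumber));
}

console.log("browser-masked leaks:", leaksFullAccount(renderMaskedInBrowser(record), record));
console.log("server-masked leaks: ", leaksFullAccount(renderMaskedOnServer(record), record));
```

Running a check like `leaksFullAccount` against every endpoint that returns recipient data, using seeded test records, catches this class of disclosure before launch.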

We have tested out the resulting account number and can confirm that the account number that is displayed is the full account number and belongs to the actual owner of the MyKAD number that we used for this example.

We went on and tested at least 5 more random MyKad numbers and can confirm that we were able to obtain the full account numbers of the eligible recipients in the same way as outlined above.

Local bank accounts being abused by scammers for malicious purposes have been on the rise in recent years – with the Commercial Crimes Department of the Royal Malaysian Police launching a dedicated site for members of the public to check whether accounts they are transferring or receiving money from have been flagged as mule accounts.

We reached out to KPDNHEP via email late yesterday evening to highlight this issue but have yet to receive any response. At time of writing, the full account numbers are still being disclosed via the source code of the site.


Filed Under: Data Leak, kpdnhep
Updated 12:00 am, Sun, 20 October 19