Alleged Hacker Selling Users’ Personal Data
Reports have revealed that the personal data of at least 380,000 Malaysian electronic payment customers will be sold on an online data sharing forum for US $ 300 (approximately RM 1,215).
This transaction was highlighted on Twitter and shared on Facebook at 3 a.m. on February 4.
From what we can see from an example record that has since been deleted on the forum, the leaked data consists of names, full addresses, passwords, cell phone numbers, etc.
Prevention is better than cure
Now, it’s not clear whether the payment gateway itself has been hacked. It may just be a website hack via e-pay.com.my, as the details shared in the leak correspond to the user information field of the website.
Their other products such as the online payment gateway and terminal might not be affected, as we haven’t seen any victims share on social media that their financial accounts have been affected yet.
On the Facebook post, most of the commenters who are also users simply expressed their concerns.
To be on the safe side, however, e-pay Malaysia users should immediately change their username and password, even if they are not among the 380,000 affected users.
Additionally, users may consider deactivating or deleting their accounts until e-pay Malaysia makes an official statement about it, or at least to avoid making transactions through the site for now.
Since e-pay is Malaysia’s largest prepaid top-up and bill collection network, some of its merchants include:
- Telecommunications companies: Hotlink, DiGi and Celcom XPAX;
- Online game refills: Steam, Razer Gold and PlayStation;
- Bill payments: Astro, TNB and Unifi;
- Retail: Petronas, Aeon, MyNEWS, Petron, MyDin and Mr DIY;
- Others: Numoni and Redtone.
They also process most card and electronic wallet payments like Visa, MasterCard, GrabPay, Touch ‘n Go eWallet, etc.
Prevent this from happening again
While you probably can’t do anything if your information has already been leaked, commentators are disappointed that this happened in the first place.
While waiting for an official report, we noticed on Facebook some suggestions from worried users about what others might be doing in the meantime in addition to the aforementioned immediate actions.
One option, in addition to changing your online banking passwords, is to change the payment account that uses the debit option.
If possible, affected users can request to create a new debit card with a new number with your bank (it is always the same account, under a different number).
On the Malaysia e-pay side, it is extremely important that they are transparent to provide the exact details of:
- What had happened;
- What factors caused this situation;
- What measures will be taken against those responsible for this alleged piracy;
- What initiatives will e-pay Malaysia (and its merchants, if any) take to prevent something like this from happening in the future?
At this time, e-pay Malaysia has not yet addressed user concerns or clarified anything and we have no other way to verify this information, but we hope that an investigation and report is underway. .
Even if this turns out to be wrong, the lack of clarification from e-pay Malaysia could end up damaging their brand’s reputation and causing customers to lose confidence in them.
So, we’ve reached out to e-pay Malaysia to get their side of the story and more facts, and we’ll update the article with their answers.
- Learn more about e-pay Malaysia here.
- You can read more fintech content than we wrote here.
Featured Image Credit: Vulcan post
Our sincere thanks to