KUALA LUMPUR, Dec 17 — It appears that several CIMB Clicks users have reported unauthorised transactions from their bank accounts over the weekend. While it isn’t clear if this is a security breach, CIMB has suddenly implemented Google’s reCAPTCHA service on its online banking portal’s login page.
On Facebook, a couple of users have reported missing funds with repeated transactions via PayPal. In the examples below, the unauthorised transactions were charged via debit card. Interestingly, one of the alleged victims claimed that he had never created a PayPal account before.
At the time of writing, CIMB has not issued any statement or announcement through their website or social channels. We are trying to reach out to them for further clarification and we will update this post once we have received a response.
CIMB’s sudden decision to introduce Google reCAPTCHA on CIMB Clicks does raise a few eyebrows. reCAPTCHA is a service from Google that helps block spam and abuse on a website. In other words, it’s a test to prove that you’re a human and not a bot that’s trying to brute-force its way in.
If you’re a CIMB Clicks customer, it is advisable to check if you have any suspicious transactions. If you received SMS notifications for transactions you didn’t make, do contact your bank immediately so that they can block your card or account from further abuse.
UPDATE: We stumbled upon a tweet by ZDNet security reporter Catalin Cimpanu, which alleged that a hacker might have obtained a large stash of card numbers. We can’t verify if this is related to the current CIMB Clicks issue. — SoyaCincau