Subscribe to our Telegram channel for the latest stories and updates.
It appears that there has been a data breach at local e-payment service provider E-Pay Malaysia as the data of some 380,000 customers is being offered for sale online.
A Twitter account @Bank_Security first noticed this breach when a threat actor (a group or person behind a malicious cybersecurity incident) posted a sale offer for USD 300 (~RM1,215).
According to the post, a host of sensitive information of customers is up for sale including first & last names, full address (including postcode), e-mail, password, date of birth and mobile numbers.
A Threat Actor is selling 380,000 customers PII Data and credentials related to the online payment system e-pay (https://t.co/2G2LJl9LZZ) located in Malaysia 🇲🇾. pic.twitter.com/bLKTnM8rxm
— Bank Security (@Bank_Security) February 2, 2021
Local tech site SoyaCincau.com notes that such detailed personal information can easily be misused for scam activities.
In fact, E-Pay is rather well known and used for mobile top-up services (including IDD reload), bill payments, online game reloads and even e-Wallet reload.
Protect yourself from potential scammers
It is advised that E-Pay customers immediately change their passwords in the case their accounts are compromised.
As for scams, the payment provider asserts that customers should never reveal their top-up pin or password to any call, WhatsApp, e-mail and SMS.
E-Pay staff NEVER contacts merchants via WhatsApp to obtain PIN numbers or any other information.
Customers who suspect they’ve been a scam victim are advised to IMMEDIATELY contact E-Pay Customer Care at 03-5623 6000.
TRP has reached out to E-Pay Malaysia for clarification.
Share your thoughts with us on TRP’s Facebook, Twitter, and Instagram.
