https://www.cimbclicks.com.my/pdf/201812-Cl...-Public-FAQ.pdf
sorry on mobile .. boleh tolong screenshot and upload

The tweet about the leak of cimb data is a major issue

Why cimb is not addressing that

Because of the news, I login check, lose RM49.04. No missing card, no TAC, no MSOS. The transfer can be made. Call paypal support found out both of my CIMB cards is linked to unknown paypal account holder. Requested permanent freeze at paypal and wait the missing money to be refunded from paypal. Waiting....

ps: cimb is not helping much, robot copy and paste to me only.

yes, confirm is paypal cuz cimb transaction details got paypal info which I dun understand. Should happen on 4 dec but only deducted on 6 dec 2018. On 4 dec, I did check my cimb and nothing deducted that time so I thought is some scammer tactic to prank me to be panic.

So seeing some people complaint here, incident upto few months ago

Does it means CIMB been neglected on this security issue for so long ?

They didnt aware so many fraud complaint this few months ?

I guess this code snippet was lifted off the net today? ie current code, right?

Haven't read all posts here, but remember reading something about a recent change by CIMB to allow longer pw & with special characters?

And because some incompetent coder wrote the above snippet, hence the exploit was created?

Help me understand the logic...

if PW is at least 8char long, and includes special chars, then the entire pw string is passed to encryption function

if PW is at least 8char long, and dun include special chars, then the long pw is truncated & the front 8char string is passed to encryption function

if PW is < 8char long eg 7char or less, irrespective got special characters or not, then what happens? Won't password = password.substring(0, 8) evaluate to #error? Previously, wasn't there a minimum # of characters for passwords ie 8?

PS: i dunno coding. only trying to make sense of the if-then-else which is also used in excel

if cimb not wrong then how come only cimb kena

is there other bank kena same attack?

suddenly cimb so keen to solve the problem even send me dispute pdf file to sign for blocking the card and investigate. Something happen?

iirc, most of those that kena the debit card fraud say they don't have paypal oso

What has compromised debit cards have to do with changing Cimb clicks password?

Here's mine, after noticed, quickly call Cimb CS, indeed got money transferred out from my account, have to go cimb branch fill up form to claim back the money, such nuisance...
[attachmentid=10142718]