The only issue is you can type your password + random numbers and able to login.it takes more than that to transfer money to unknown account.
For Maybank u know right you can withdraw money without ATM card.

Anyway it's a security flaw and cimb should announce and take action.

For me i noticed now transfer money also no need any tac for verification. Crazy. So if they masuk someone acc and no need tac verify... Thats it

My wild guess:
1) Business: ok guys we need to remove the 8 char pw limitation
2) Tester: wth I used to type the same but now couldn't login
3) Dev: that's easy, we just attempt login with full input and if cant we try again with first 8 char only

*roll out*

4) Customer: wth I can login with extra junk char
5) Dev: (*oh shit)

Cant they void all the old passwords and force customers to update new pw upon login? Many brokerages do this.

Not allow 8char + whatever shit to login.

CIMB didn't send any warning or anything about this through message or announcement. yeah I'm really pissed :/
it happened to mine and my friend's account. not sure about others but I have changed my password

suddenly cimb so keen to solve the problem even send me dispute pdf file to sign for blocking the card and investigate. Something happen?

I did both of them. I was thinking if someone report to bnm cuz cimb fb got someone receive tac send rm4999 to some guy. Tat guy even sms him for tac.

https://www.facebook.com/113376605363982/po...999957/?app=fbl

You scroll down and find kc chan's comment

From what i realized, first it was paypal. Then there is a TAC spam and some unknown stranger hackers act pity ask help to give him tac. Then poof~ money gone. Better transfer away all the money. Though is good to be kind, its not suitable in this society.

Now receive this, dun dare fill. Scare another tactics by scammer

Which debit the kwik or the atm debit. What about going to bank to ask for replacement card? Can fix this issue?

Hacker cannot transfer money without TAC, so he just emptied the account by using favourite bill payment which don't use TAC as revenge. So really need to take care to ensure no one can have access to our account.

The guy has Astro saved as favourites which doesn't require a TAC. The money isn't lost because you can ask Astro to refund the overpayment or ask CIMB to make good

Set debit card limit to RM0
What can hackers do about it?

How to set to RM0? I try to set, the default debit card spending limit was RM10k, then the minimum amount is RM1k.. really WTH!!

The only way now is to deactivate oversea spending / withdrawal which will subsequently deactivate all online purchase..

Been quite sometime never touch this acc.

Than tried check with ATM and online. All freeze. Got to go CIMB branch to activate back.

Most pain in the ass is the Online password change. Got to ask the branch official to call for me only able to reset.

If the regulations never changed. Account will become dormant if no withdrawal within 6 months. Account will be closed automatically after 7 years

so anyone bother changing their debit card ? how long does it takes