i think google, spotify, netflix etc doesn't ask for TAC either

its just not the angmoh culture, also due to the cc fraud is lower in the western world

But its better to change your password to something longer though.

Think someone linked a website just now and it said an 8 character password only needs 8 hours to break.

Some people were using bots to bruteforce password, since CIMB has no failed login limits. The CAPTCHA was supposed to slow the bots down

THE ISSUE ONLY TOWARD CREDIT CARD OR ACCOUNT TOO?

This entire fiasco is really kind of like 'making a mountain out of a molehill'.

Honestly, I was just as worried as you guys initially. First thing in the morning, i went to the CIMB branch near my workplace just to double check my balance with the branch staff (in addition to what I have already checked via CIMB Clicks), and there really was no issue at all. My money, thankfully, is still intact, so to speak.

If the problem was as bad as what some articles are saying, the police stations would have long queues already of people making reports!

Something doesn't seem right to me. Everywhere I look, I'm told that passwords are stored after (one-way) hashing (& even salting), never in its original form.

When you originally set up your password as 12345678H%&*GGhklp, it would have been stored as a certain hash. Any slight diff would result in a totally diff hash. (That's why they say they do not know what your password is)

So what boggles me is how someone can get in when he submits 12345678 - the hash for that would definitely be diff from the hash for 12345678H%&*GGhklp ...No?

The only possibility this can happen is IF at the point you originally set up your password as 12345678H%&*GGhklp, it was truncated to 12345678... damn FUBAR, right? Telling ppl to set up long complex pw & truncating to short

https://www.facebook.com/113376605363982/po...999957/?app=fbl

You scroll down and find kc chan's comment

No missing physical card involved.

I think it is not related to users carelessness.
I think there is some data leak happened inside CIMB or related to the data backups lost last year.
My two friends kena with PayPal unauthorised transaction amounting more than RM100.
And the worst part, you need to pay to replace your card eventhough it is not your fault.
It is not cheap at all.

And just want to tell you someone did post on Twitter that some hacker spam message and is looking to find partner to cash out money from CIMB.

https://nasilemaktech.com/debunking-mainstr...never-happened/

jeng jeng jeng.