Chat: CIMB got hacked?

briantwj
post Dec 16 2018, 11:37 PM

Pierluigi Collina
*******
Senior Member
3,968 posts

Joined: Sep 2012


so what's the fuss now, because they publish this captcha thing without prior notice to us? Or were they legitimately hacked, that's why added this captcha thing? Or they don't have answer why got this captcha thing appearing for some users?

zzzzz
briantwj
post Dec 17 2018, 12:05 AM

Probably they notice weird IP hitting their front end. Even after blocking still weird IP appearing and the hits pattern are similar. Which is why they implement this captcha.

Just saying.
briantwj
post Dec 17 2018, 12:16 AM

QUOTE(annoymous1234 @ Dec 17 2018, 12:13 AM)
How to change password if cannot log in??
*
Maintenance now. Their daily maintenance is at 12am til 12.20am iirc.
briantwj
post Dec 17 2018, 12:17 AM

QUOTE(Quantum Geist @ Dec 17 2018, 12:15 AM)
So dictionary or bruteforce attack? They still have to bypass TAC or they got card numbers to transfer to paypal.

Looks like Se7en got something judging by the update
*
More like ddos maybe. Bruteforce trying to login via tons of username. That's the use case for using captcha.

Don't quote me for this. Just guessing. Someone might have got a copy of all the user login ID. Then wrote a script to keep trying to login with those user names.

This post has been edited by briantwj: Dec 17 2018, 12:18 AM
briantwj
post Dec 17 2018, 12:29 AM

Removed

This post has been edited by briantwj: Dec 17 2018, 12:32 AM
briantwj
post Dec 17 2018, 12:33 AM

QUOTE(Oblah @ Dec 17 2018, 12:31 AM)
Lol Amanz straight up telling the Internet CIMB is currently a free-for-all.
*
They probably patched it. U can try it on ur own account. Seems like it's not working anymore. Lul

This post has been edited by briantwj: Dec 17 2018, 12:33 AM
briantwj
post Dec 17 2018, 12:34 AM

QUOTE(ahhann @ Dec 17 2018, 12:33 AM)
already have video circulating in WhatsApp with the exact attack method in play dee ...
*
Pls share here bro
briantwj
post Dec 17 2018, 12:41 AM

Removed

This post has been edited by briantwj: Dec 17 2018, 12:43 AM
briantwj
post Dec 17 2018, 12:45 AM

QUOTE(Sichiri @ Dec 17 2018, 12:42 AM)
Just username is enough to log in?
*
Nope. I can't talk too much bout it. But it's a big flaw.
briantwj
post Dec 17 2018, 12:49 AM

Guys. Yes it is security compromise. But it's more of a flaw. Ppl will still need to know ur username and current password to login. So just refrain from sharing account.
briantwj
post Dec 17 2018, 12:53 AM

QUOTE(maxpudding @ Dec 17 2018, 12:50 AM)
that's why they are bruteforcing your account

if they can get first 8 char correctly say bye bye to your account
*
This. Ppl can just bruteforce ur password now. As long as it hits the first 8 or the number or char u use on ur password. Then gg.

So.... No point changing password now. Lol. The change need to come from CIMB.

This post has been edited by briantwj: Dec 17 2018, 12:54 AM
briantwj
post Dec 17 2018, 12:57 AM

Hey Se7en. Is it still safe for this thread to go on? Lol. The digging has gone too far.
briantwj
post Dec 17 2018, 01:11 AM

QUOTE(Mr. Najib Razak @ Dec 17 2018, 01:08 AM)
i just transferred money out to maybank
all good
*
Account not frozen, Mr Bijan?
briantwj
post Dec 17 2018, 01:22 AM

QUOTE(max291 @ Dec 17 2018, 01:18 AM)
It have always been like this ever since they introduce it many years ago. Only first 8 characters are counted. The rest are jumbled out to confuse any keylogger.
*
Eh yea. I think I exp this b4. All this while thot my password is 9 letters. Then last time try with 8. It works. Read back only saw the 8 character limit password.
briantwj
post Dec 17 2018, 01:25 AM

The feck is their service manyzer doing mia. No ppl escalate to him?
briantwj
post Dec 17 2018, 01:28 AM

Btw any other platform or Reddit reporting on this? Getting kinda boring here. Lol
briantwj
post Dec 17 2018, 01:31 AM

QUOTE(ashburn98 @ Dec 17 2018, 01:28 AM)
Late to the thread. If I didn't log in the whole week into CIMB Clicks, am I safe from this?
*
As long as u have a cimbclicks account, u are in danger.

Cimbclicks account meaning u have a password n ID to login to cimbclicks

This post has been edited by briantwj: Dec 17 2018, 01:32 AM
briantwj
post Dec 17 2018, 01:34 AM

QUOTE(aku_ker @ Dec 17 2018, 01:32 AM)
The only issue is you can type your password + random numbers and able to login. It takes more than that to transfer money to unknown account.
For Maybank u know right you can withdraw money without ATM card.

Anyway it's a security flaw and cimb should announce and take action.
*
It’s an opening to many possibilities. Plus it coincides with the recent captcha introduction. 1+1.
briantwj
post Dec 17 2018, 01:42 AM

QUOTE(Jibbynomo @ Dec 17 2018, 01:38 AM)
user posted image

Is it true?
*
Why not ask him? Lol
briantwj
post Dec 17 2018, 01:47 AM

Ok I just tried this and it worked. Change ur password. After that try the exploit again. It didn’t work.

Just change ur password and go to sleep guys. I think it only affect those ppl that is still on their old 8 alphabet password.
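
The behaviour posters describe in this thread (only the first 8 characters counted, extra trailing characters accepted, and the effect disappearing after a password change), modelled as an added example that is not part of any post and is not CIMB's code. The record layout, PBKDF2 parameters, function names and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

LEGACY_MAX = 8  # thread: "Only first 8 characters are counted"

def _derive(password: str, salt: bytes) -> bytes:
    # Assumed KDF for the model; the thread does not say what the bank uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

def enroll(password: str, legacy: bool = False) -> dict:
    """Create a stored record. Legacy records hash only the first 8 characters."""
    salt = os.urandom(16)
    effective = password[:LEGACY_MAX] if legacy else password
    return {"salt": salt, "hash": _derive(effective, salt), "legacy": legacy}

def verify(record: dict, attempt: str) -> bool:
    """Check an attempt; a legacy record silently truncates the attempt too."""
    effective = attempt[:LEGACY_MAX] if record["legacy"] else attempt
    return hmac.compare_digest(record["hash"], _derive(effective, record["salt"]))

def change_password(record: dict, current: str, new: str) -> dict:
    """Assumed migration path: a password change re-enrolls at full length."""
    if not verify(record, current):
        raise ValueError("current password incorrect")
    return enroll(new, legacy=False)

def truncation_probe(login, password: str) -> dict:
    """Regression check for your own login function and a known test password:
    reports whether it accepts the password plus junk, or just its 8-char prefix."""
    return {
        "accepts_suffix": login(password + "123"),
        "accepts_prefix": len(password) > LEGACY_MAX and login(password[:LEGACY_MAX]),
    }

if __name__ == "__main__":
    pw = "hunter2-long-pw"  # constructed sample password
    old = enroll(pw, legacy=True)
    print("legacy record:", truncation_probe(lambda a: verify(old, a), pw))
    new = change_password(old, pw, pw)
    print("after change: ", truncation_probe(lambda a: verify(new, a), pw))
```
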
