Aik? se7en keeps on changing the frontpage title.

so reCAPTCHA not an issue?

So.....I presume it is pointless for us to change cimb password right now?

I think this has become a bit of a convoluted mess:

Lets summarize a bit

1) CIMBClicks used to only allow 8 characters in password

2) Knowing that only allowing 8 characters in password is dumb, CIMB increased it to allow for longer until 20 characters this month

3) This is where i think the bug happen, those who have not changed their password after the change in (2), can login with extra characters

4) those who then change their password, can no longer login with extra characters <---- PROOF that it is not an intended feature

5) Brute Force attack may or may not be related, but timing is interesting. We know got brute force because thats what the recaptcha is for.

6) Some are questioning whether extra characters at the end is security compromise if the attacker would need to know the original password anyway (hence the brute force). BUT read about buffer overflow attack and you would now that it is a point of vulnerability in a system that are suppose to be water tight because it safeguard money. They may or may not be using this vulnerability, nobody knows

7) Those who are attacked (due to weak password/ using the same password as leaked in previous database leak -im looking at you jobstreet-), somehow got their debit card linked to an unknown paypal, and it will then be use to pay somebody (may or may not be third party and unrelated)

Yup the password i use was more than 8 characters . dunno why they suddenly tekankan now can use more than 8 characters ..

I have to agree that captcha thingy its not good but good to solve the bots . but i dunno seems that recaptcha is also not reliable .. CIMB should done inhouse on the security aspect ..

Yes, there is a leak of debit card details. My debit card never use before, not even for ATM. It's just sitting in my house drawer also kena leaked and the criminal used my card at Australia. Lucky only swiped RM35 and CIMB already refunded it.
   

Can confirm,my cousin's account was compromised and she lost RM1K+. Was shocked because we never expect it to be someone close to us.

Well the good news is after reporting the matter to CIMB,they told her she will be fully reimbursed after an investigation is completed. However, it's gonna take about 15 - 17 business days. I tried to probe further on the nature of the security breach but she's keeping mum about it.

I hope CIMB honours their word though.it would be such a malaysian thing to do if they just put their hands up and declare "hey none of this is our fault,hence we can't compensate you a single cent."

so weird, i cant get it done tho. alphanumeric with special character, but is it a must not using 3 consecutive character in the password (abcd1234)? or any character same as clicks id or secure words?

yes, i think its related, to accounts with 8 character password being broken into by bruteforce

because to link card to paypal, they will charge you 1 usd, then you need the code written on the description of that charge, which typically you can see in cimbclicks in 1-2 days

Guys, simple question.

Is it safe for me to use CIMB clicks now? or should I wait for things to settle down and go find CDM instead