[UPDATE: 24 July 2024 – 10:30am] Maybank has issued a statement regarding the matter, assuring that its systems remain secure and that all customer information is fully protected. The bank added that it will continue to monitor and ensure that its data is protected at all times, and is encouraging customers to always remain vigilant.
[Original Story: 24 July 2024 – 1:04am]
Earlier today, a database claiming to contain up to 22 million records of customers belonging to Malayan Banking Berhad was put up for sale on a popular dark web marketplace. The uploader was “asking” for USD18k in USDT/BTC for the database, allegedly containing among other things the name and passwords of customers – which we assume to be in reference to Maybank2u login credentials.
The listing, including all screenshots and sample data was strangely removed from the marketplace after a few hours, but not before screenshots of it were posted on a number of breach notifications sites. What was however very obvious from the sample data was the distinct lack of many fields which you would usually associate with a database containing secure login credentials. Even simple fields like security phrase and security image that would have been stored in clear text as opposed to hashed and salted passwords is glaringly missing from the datasets.
We believe it is safe to flag this off as a failed attempt to quickly sell off a collection of unassociated user data, packaged as genuine data belonging to a large banking institution. This seems somewhat similar to last weeks attempt to resell U Mobile customer data from the leak in 2017 as a a new leak.
An alleged leak in 2023 involving 1.8 million records from Maybank was later found to be a fake claim after the bank officially confirmed that the data involved did not match any of their banking system records.
We have reached out to Maybank for their comments on this matter and will update this article with an official confirmation as soon as we receive a response. In the meantime, please keep a lookout for any suspicious activities on your accounts, and hit the kill switch should you detect any unauthorized activity on your accounts.
[via dailydarkweb.net]
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.