A security flaw may have been discovered on the CIMB Clicks online banking platform.
A Facebook user by the name Mashur Bin Samhuji posted a video claiming that CIMB Clicks is vulnerable to a buffer overflow attack, allowing someone to access a CIMB Clicks account even if the password is incorrect.
Basically, using this buffer-overflow attack, somebody can compromise a password-protected system without knowing the password.
Some users reported that the bank has added the Google reCAPTCHA button to the login page. reCAPTCHA is a free security service from Google that protects a website from spam and abuse. CIMB said the button is added for “security purpose”.
So far, there’s no official statement from CIMB Clicks regarding the security flaw.
Users are advised to remain calm, as any transaction on CIMB Clicks requires a Transaction Authorisation Code (TAC) for authentication, even if someone has your login and password.
If you have any unauthorised transaction in your account or funds missing, you should contact CIMB at +603 6204 7788. In addition, if funds are missing from your account, please make a police report.
Hope to hear what CIMB has to say about this.