From what we can see of a sample record that has since been deleted on the forum, data being leaked consists of names, full addresses, passwords, mobile phone numbers, and more.
Better Safe Than Sorry
Now, it’s unclear whether or not the payment gateway itself has been hacked. This might just be a website hack through e-pay.com.my, as the details shared in the leak line up with the website’s user info field.
Their other products like the online payment gateway and terminal might not be affected, as we haven’t seen any victims sharing on social media that their financial accounts have been affected yet.
On the Facebook post, most commenters who are also users merely voiced out their worries.
To be on the safe side though, e-pay Malaysia users should change their username and passwords immediately, even if they may not be one of the 380,000 users affected.
Additionally, users can consider deactivating or deleting their accounts until e-pay Malaysia makes an official statement on this, or at least avoid making any transactions through the site for the meantime.
Because e-pay is Malaysia’s largest prepaid top-up and bill collection network, some of its merchants include:
- Telco companies: Hotlink, DiGi, and Celcom XPAX;
- Online game reloads: Steam, Razer Gold, and PlayStation;
- Bill payments: Astro, TNB, and Unifi;
- Retail: Petronas, Aeon, MyNEWS, Petron, MyDin, and Mr DIY;
- Others: Numoni and Redtone.
They also service most card and e-wallet payments such as Visa, MasterCard, GrabPay, Touch ‘n Go eWallet, etc.
Stopping This From Happening Again
Though there’s likely nothing you can do if your info has already been leaked, commentators are disappointed that it allegedly happened in the first place.
As we wait for an official report, we noticed some suggestions on Facebook from concerned users on what others could do in the meantime on top of the aforementioned immediate actions.
One option, on top of changing your online banking passwords, is to change the payment account that’s using the debit option.
If possible, concerned users could request making a new debit card with a new number from your bank (it’s still the same account, under a different number).
On e-pay Malaysia’s end, it is extremely important that they be transparent about providing the exact details of:
- What had happened;
- What factors caused it to happen;
- What actions will be taken against those accountable for this alleged hack;
- What initiatives e-pay Malaysia (and its merchants, if applicable) will be taking to prevent something like this from happening again in the future.
As of now, e-pay Malaysia has yet to address user concerns or clarify anything and we have no further way to verify this information, but we hope investigation and a report is underway nonetheless.
Even if this turns out to be untrue, the lack of clarification from e-pay Malaysia could still end up hurting their brand reputation and cause customers to lose confidence in them.
So, we’ve reached out to e-pay Malaysia to get their side of the story and more facts, and will be updating the piece with their responses.
Featured Image Credit: Vulcan Post