KUALA LUMPUR, Feb 4 — Personal details of over 300,000 E-Pay customers appears to have been exposed online through a data breach.
A threat actor was spotted selling a database of 380,000 customers on a data sharing forum for US$300 (about RM1,215). That’s about 0.32 sen per user.
The sale was highlighted by @Bank_Security on Twitter and was recently shared by OMG Hackers.
From the sample record posted on RAID Forums, the database contain customer name, email address, hashed password, date of birth, full address including city and postcode and mobile number.
If purchased, these details if legit can be misused for scam activities and 380,000 records is quite a significant size.
E-Pay users are urged to change their passwords immediately as a security measure. However, there’s nothing much affected users can do about the personal details that have been exposed.
E-Pay is known for providing prepaid top-up services for telcos which also include IDD cards and online game reloads.
We’ve reached out the E-Pay and parent company GHL Group for further clarification and will update this post if there are further details. — SoyaCincau
