Hackers no longer picky as 380,000 data possibly compromised

Many organisations are not aware that assets such as customers’ data and their own materials are items of interest for hackers

by RAHIMI YUNUS / Pic source: ghl.com

CYBER criminals are no longer selective about their victims these days, where everyone is a possible target regardless of profession or social status.

A cyber security expert said many individuals and companies have misunderstood how hackers operate these days and oftentimes failed to realise that their certain valuable assets would be a target.

“The very important thing about hackers today is that they do not care about who their target is. Anyone, any organisation is a target.

“It is not like 20 years ago when hackers would prioritise based on the nature of the business of the target. Today, anyone could be a target, even a housewife with an email account,” the expert, who asked for anonymity, told The Malaysian Reserve.

The expert said many organisations are not aware that assets such as customers’ data, as well as their own materials such as marketing plans, project planning and proposals are items of interest for hackers.

Besides that, the expert said many parties failed to recognise that cyber security is a responsibility of management and other departments too, not the IT division only.

Yesterday, it was reported that Malaysian consumer data involving 380,000 accounts of e-pay, an e-payment service platform provided by GHL Group was leaked and sold online.

GHL said it is investigating the alleged data breach involving e-pay, adding that the allegations are only related to the e-pay online reload and bill payment collection system, or EVE.

It further said the EVE system operates on an independent standalone system that does not interfere with the technical operations of other e-pay and GHL merchants acquiring systems and servers.

As it is, the company said other e-pay and GHL businesses and operations are not affected.

“Investigations are still underway and we will continue to update on the progress and any new findings. In the meantime, we would advise EVE users to go to our official website and change their passwords as precautionary measures.

“EVE users should NOT click on unverified email links urging them to update their credentials, but to do so only on our official website,” GHL said in a statement yesterday.

The online listing reportedly was first highlighted by a Twitter user @Bank_Security, who claimed that a threat actor is selling 380,000 customers data and credentials related to the online payment system e-pay located in Malaysia.

The seller of the data on the online marketplace was said to have the database containing the username, email address, date of birth, contact address and mobile phone number.

IT portal lowyat.net reported that the listing has been removed when checked, however, a search cache showed that the seller is offering the database for US$300 (RM1,218).

Read our earlier report

GHL probes into alleged data leak on 380,000 accounts