Earlier today, a database claiming to contain up to 22 million records of customers belonging to Malayan Banking Berhad was put up for sale on a popular dark web marketplace. The uploader was “asking” for USD18k in USDT/BTC for the database, allegedly containing among other things the name and passwords of customers – which we assume to be in reference to Maybank2u login credentials.
The listing, including all screenshots and sample data was strangely removed from the marketplace after a few hours, but not before screenshots of it were posted on a number of breach notifications sites. What was however very obvious from the sample data was the distinct lack of many fields which you would usually associate with a database containing secure login credentials. Even simple fields like security phrase and security image is missing – fields that would have been stored in clear text as opposed to hashed and salted passwords.
We believe it is safe to flag this off as a failed attempt to quickly sell off a collection of unassociated user data, packaged as genuine data belonging to a large banking institution. This seems somewhat similar to last weeks attempt to resell U Mobile customer data from the leak in 2017 as a a new leak.
We have reached out to Maybank for their comments on this matter and will update this article with an official confirmation as soon as we receive a response. In the meantime, please keep a lookout for any suspicious activities on your accounts, and hit the kill switch should you detect any unauthorized activity on your accounts.
[via dailydarkweb.net]
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.
