An earlier report by SoyaCincau spotted social media postings claiming that the personal details of over 300,000 E-Pay customers are being sold online for US$300. The report added that the database contains customer names, email addresses, hashed passwords, dates of birth, full addresses, and mobile numbers.
A Threat Actor is selling 380,000 customers PII Data and credentials related to the online payment system e-pay (https://t.co/2G2LJl9LZZ) located in Malaysia 🇲🇾. pic.twitter.com/bLKTnM8rxm
— Bank Security (@Bank_Security) February 2, 2021
In response to Fintech News Malaysia’s request for a statement, GHL said that “investigations are still underway” and that GHL will update the public on the progress and when new findings are available. Meanwhile, the payments company advised users of the E-Pay online reload and bill payment collection system (E.V.E) to change their passwords as a precautionary measure.
They also cautioned users against clicking unverified links to update their credentials, saying they should only do so through the official website. GHL stressed that the possible breach is isolated to the E.V.E system only and does not impact other E-Pay and GHL business and operations, as E.V.E operates as a standalone system.