CIMB Clicks Users Strongly Encouraged To Change Passwords NOW

A series of security concerns about the CIMB Clicks platform went viral over the weekend, which has led to CIMB denying that its platform was compromised. But if you have a CIMB Clicks account, you should change your passwords immediately.

Sometime last weekend, CIMB implemented the reCAPTCHA anti-spam service on its CIMB Clicks portal, causing plenty of concern among users. reCAPTCHA is a Google service that protects websites from spam and abuse. It appears as if the bank was protecting itself from some sort of brute force attack, which may have been triggered by another feature implemented by the bank recently.

Before this, CIMB Clicks required users to set a password of at most 8 characters in length – a legacy security feature that can be easily compromised by brute force attacks from hackers (some say it takes less than five minutes if the password is simple enough!). The bank removed this limitation two months ago, but this somehow led to even more security vulnerabilities, such as being able to log in with the wrong password entered or with extra characters added after the first 8 characters.
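One plausible cause of the behaviour described above is a login path that still cuts input to 8 characters before hashing; that cause is an assumption here, not something the bank has confirmed. The following added example (not CIMB's code; the class and function names are hypothetical) puts such a store beside a full-length one and runs a regression check that lists which wrong inputs each accepts.

```python
import hashlib
import hmac
import os

LEGACY_MAX = 8  # the old 8-character limit described in the article


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the parameters are illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class TruncatingStore:
    """Hypothetical legacy store: silently cuts input to 8 characters."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.digest = b""

    def set_password(self, password: str) -> None:
        self.digest = _hash(password[:LEGACY_MAX], self.salt)

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(self.digest, _hash(candidate[:LEGACY_MAX], self.salt))


class FullLengthStore(TruncatingStore):
    """Same store, but the whole password is hashed and compared."""

    def set_password(self, password: str) -> None:
        self.digest = _hash(password, self.salt)

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(self.digest, _hash(candidate, self.salt))


def truncation_findings(store, password: str) -> list[str]:
    """Regression check: names of the wrong inputs the store accepts."""
    store.set_password(password)
    head = password[:LEGACY_MAX]
    probes = {
        "extra characters appended": password + "XYZ",
        "only first 8 characters": head,
        "tail after 8th character changed": head + "#" * (len(password) - LEGACY_MAX),
    }
    return [name for name, probe in probes.items()
            if probe != password and store.verify(probe)]
```

A check like this belongs in the test suite of any system that raises a password length limit, run against every login path (web, mobile, API) rather than only the one that was changed.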

(Image: Amanz)

The reCAPTCHA implementation may have been a way to stop or delay the brute force attacks, but it appears some users have already had their accounts compromised. In response to queries from users, CIMB’s social media team encouraged users to change their passwords immediately. However, its statement to the media this morning was less urgent:

“CIMB Bank Berhad (“CIMB” or “the Bank”) would like to address recent social media news on the alleged insecurity of its online banking portal, CIMBClicks. Please take note that our CIMBClicks system remains secure and all customers’ transactions continue to be protected.

The bank would like to inform that it had, over the weekend, introduced a few additional measures to enhance the security of its CIMBClicks transactions.

Apart from ensuring that the system is now able to accommodate passwords longer than eight characters and up to 20 characters, we have also added the reCaptcha security measure on CIMBClicks to ensure the user is not a bot.”

This is in contrast to the FAQ it has published on CIMB Clicks, which is far more descriptive and attempts to assure customers that its platform is secure. (Update: CIMB has released an updated FAQ that expands the “Password Related” section to include the table above.)

How to change CIMB Clicks password?

Regardless of the media statement, if you haven’t already done so, you should change your CIMB Clicks password immediately. This is the most important step to safeguard your account. To do so, you’ll need to log in to your CIMB Clicks account via desktop browsers – the option does not appear on mobile browsers or the app. Click on the Settings icon (the one that looks like a gear) at the bottom left corner, and you’ll find the option to change your password.

From there you’ll need to enter your current password as well as the new one, before getting a TAC code to confirm the change. Note that the new password must have a minimum of 8 characters, a special character (such as “!”, “?” etc), at least one capital letter, and at least one number. Multiple users have confirmed that after this password change, they are no longer affected by the 8-character password issue.

(Further reading: Amanz, Lowyat.NET, Soyacincau)



Comments (1)

2 years ago

why cannot put new password?
