KUALA LUMPUR: Online payment portal IPAY88 data security breach today has raised concerns among users and service providers.
While IPAY 88 said the investigation was underway, and they were working closely with the authorities and other relevant parties regarding the security violation, the threats of data leaks and breaches has always been there, and Malaysia is one of the top breached countries in the world.
According to cybersecurity company Surfshark shows that Malaysia is the 11th most breached country of Q2, 2022, as determined by analysing millions of breached accounts April through June.
The company said more than 665.2K Malaysian users have been breached during this period, while since 2004 there have already been 44.2M breached accounts.
East Asia has seen the most spikes in breached users quarter-over-quarter, with Japan growing by 1,442 per cent, China by 1,092 per cent, South Korea by 1,013 per cent and Malaysia by 733 per cent. According to the company's data from January to June 2022, Russia ranks 1st in the world by leaked accounts for the second consecutive quarter (28.8M breached users), followed by India (4.4M), China (3.4M), Brazil (3.2M), the US (2.3M), and South Korea (1.8M).
Prime target for hackers
Meanwhile, in responding to the incident today, Kaspersky's Southeast Asia general manager, Yeo Siang Tiong, said as we increase our reliance on online shopping, e-commerce companies and online payment service providers will continue to be a prime target for hackers as they often contain a wealth of customer's data.
"The key takeaway from this recent incident is that cybercriminals do not look at auspicious timings before acting – the moment they detect any vulnerabilities in your system, they will take immediate action to exploit it," he said.
Kasprsky said with a single data breach costing over US$1 million (RM4.4 million) on average for businesses in Southeast Asia, businesses stand to lose an additional US$186 million on business opportunities in the aftermath of a data breach.
"While it is heartening that our Global Corporate IT Security Risks Survey found that 84 per cent of Southeast Asian businesses surveyed have made plans to increase their budget in IT security, there remain significant gaps when it comes to IT infrastructure hosted by third parties, as well as challenges pertaining to the migration of more advanced and complex technology environments," he said.
This is why companies and individuals should be on their highest alert at all times.
What to do
A data breach can have a devastating effect on an organisation's reputation and financial bottom line. This is the applicable to all sectors, including e-payment service providers. Below are some of the best practices to fend off one, especially for major ecommerce companies handling millions of financial data:
1. Employ training and activities which will educate employees about cybersecurity basics, for example, to not open or store files from unknown emails or websites as they could be harmful to the whole company.
2. Regularly remind staff how to deal with sensitive data, for example, to store only in trusted cloud services with authentication switched on, do not share it with untrusted third parties.
3. Enforce use of legitimate software, downloaded from official sources.
4. Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that can become a reason of a breach.
5. Provide your Security Operations Center (SOC) team with access to the latest threat intelligence, and stay up-to-date with new and emerging tools, techniques and tactics used by threat actors and cybercriminals.
6. For endpoint level detection, investigation and timely remediation of incidents, implement EDR solutions, such as Kaspersky Endpoint Detection and Response.
7. In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
"As a customer of a major company, if you learn that it has had a security breach, or if you find out that your own computer has been compromised, then you need to act quickly to ensure your safety. Remember that a security breach on one account could mean that other accounts are also at risk, especially if they share passwords or if you regularly make transactions between them," said Yeo.
He said if a breach could involve your financial information, notify any banks and financial institutions with which you have accounts.
"Change the passwords on all your accounts. If there are security questions and answers or PIN codes attached to the accounts, you should change these too. Use strong passwords, combine random strings of upper and lower case letters, numbers and symbols. Use a password manager to keep your passwords secure. Change your passwords regularly," advised Yeo.
"You might consider a credit freeze. This stops anyone using your data for identity theft and borrowing in your name, and do not respond directly to requests from a company to give them personal data after a data breach, it could be a social engineering attack," he added.
Also users need to be on guard for other types of social engineering attacks. A criminal who has accessed the accounts information, could contact the victims asking for more information like credit card, personal details.
"Monitor your accounts for signs of any new activity. If you see transactions you do not recognize, address them immediately. Close accounts you do not use rather than leaving them dormant, and be careful on the links you are about to click," said Yeo.
"When you are accessing your accounts, make sure you are using the secure HTTPS protocol and not just HTTP, and finally, secure your phone. Do not root or jailbreak your phone. Install security apps," he added.