Subscribe to our Telegram channel for the latest stories and updates.


It appears that there has been a data breach at local e-payment service provider E-Pay Malaysia as the data of some 380,000 customers is being offered for sale online.

A Twitter account @Bank_Security first noticed this breach when a threat actor (a group or person behind a malicious cybersecurity incident) posted a sale offer for USD 300 (~RM1,215).

According to the post, a host of sensitive information of customers is up for sale including first & last names, full address (including postcode), e-mail, password, date of birth and mobile numbers.

Local tech site SoyaCincau.com notes that such detailed personal information can easily be misused for scam activities.

In fact, E-Pay is rather well known and used for mobile top-up services (including IDD reload), bill payments, online game reloads and even e-Wallet reload.

Protect yourself from potential scammers

It is advised that E-Pay customers immediately change their passwords in the case their accounts are compromised.

As for scams, the payment provider asserts that customers should never reveal their top-up pin or password to any call, WhatsApp, e-mail and SMS.

E-Pay staff NEVER contacts merchants via WhatsApp to obtain PIN numbers or any other information.

Customers who suspect they’ve been a scam victim are advised to IMMEDIATELY contact E-Pay Customer Care at 03-5623 6000.

Credit: E-Pay Malaysia

TRP has reached out to E-Pay Malaysia for clarification.


Share your thoughts with us on TRP’s Facebook, Twitter, and Instagram.