Beware of Touch 'N Go eWallet Hacking: Hackers Changing Phone Numbers to Steal Your Money

Do not set easy to guess 6 digit pin number !!

I read this article another person's TnG (Touch N Go) ewallet was hacked. This is not the 1st time this is happening.


I did some read up on how TnG ewallet are hacked and found the weakest link is the 6 digit security pin number. A hacker who gets hold of the pin number is able to use that pin number to change the TnG ewallet to another phone number.  Doing a brute hacking into the 6 digit is not easy (will lock out) but apparently many users set their 6 digit pin to the last 6 digits of their Malaysian IC number.

Once the hackers have changed the phone number tied to the TnG ewallet, the hackers then have taken control of the wallet and able to do bank topups into the ewallet and then do DuitNow transfer to their mule accounts.



Using the pin number of change TnG ewallet phone number is not a security weakness, it is a feature to allow TnG ewallet users who have switched mobile numbers to use their TnG ewallet on the new number (eg change number from 011-62124752 to 012-3105215). 

The team at TnG is aware of how the hacks work but can only provide warning as the main issue is not a breach in their system, is more like someone managed to get hold of another person's 6 digit security pin number.



📍Links