This week’s Cyber Intelligence House Leak of the Week features the breach of Kiple.com, a Malaysian fintech and e-wallet provider operated by Kiplepay Sdn. Bhd., which offers cashless payment solutions including Visa prepaid cards and salary disbursement systems.

In October 2025, a 4.9 GB dataset containing 63,246 files and 12,577 folders was posted on DarkForums by a user with the handle 888. The stolen content consists primarily of source code, configuration files, certificates, SQL dumps, and logs, exposing highly sensitive operational information across multiple Kiple products and services.

Key sensitive findings
1. fpdnqr_privatekey_production.pem and Kiple_Prod_Dev.pem – these contain private keys used for production services, which could allow an attacker to impersonate legitimate servers or intercept secure traffic if still valid.
2. ClientCert.pfx – a client-side certificate bundle capable of authenticating directly to backend systems.
3. google-token.sql – database file holding stored Google OAuth tokens, potentially granting access to internal development consoles or APIs.
4. .env – configuration file with live environment credentials and API secrets tied to Kiple’s payment gateway.
5. BankAccountNumber, CardNumber, Card Expiry Month, and CVV entries from the CSV and SQL variable sets reveal exposure of payment card and banking data linked to users and merchants.
6. AccessKeyId, AccessId, and base_url parameters in JSON variables appear tied to cloud and payment service integrations, giving insight into backend connectivity.

Each of these elements represents a critical compromise: private keys can be used for system impersonation, certificate files can enable unauthorized access, and database variables indicate potential financial data exposure. The inclusion of bank account numbers, card details, and API keys underscores that this was not just a code leak, but an operational data breach.

Implications
For Individuals:
1. Risk of fraudulent transactions using exposed banking or card data.
2. Increased likelihood of targeted phishing, especially against Kiple users or merchants.
3. Possible identity misuse if customer or employee information was tied to the leaked datasets.

For Kiple:
1. Exposure of production keys and certificates can lead to service impersonation and unauthorized access to core systems.
2. Payment and bank-related variables show that regulatory and PCI DSS obligations may have been breached.
3. Source code visibility could accelerate exploitation of security flaws in live payment systems.

CIH’s Recommendations
– Revoke and replace all certificates, API keys, and tokens found in the leak.
– Conduct a full credential rotation across payment, cloud, and merchant systems.
– Review application source code for embedded secrets and rebuild sensitive components with new keys.
– Notify affected partners and customers, and monitor for fraudulent payment activity linked to compromised credentials.
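As an added illustration of the "review application source code for embedded secrets" step (example code written for this post, not CIH's or Kiple's tooling), the scanner below flags the artifact types named in the leak: PEM private keys, PKCS#12 bundles, live .env credentials, cloud AccessKeyId values and stored Google OAuth tokens. File names in the sample tree mirror the leak, but every content value is a constructed placeholder, and the regular expressions are assumptions about how such secrets typically look rather than patterns taken from the dataset.

```python
"""Flag embedded secrets (PEM keys, .pfx bundles, .env credentials, cloud keys, OAuth tokens)."""
import os
import re

# Content heuristics, label -> pattern. Deliberately loose: a reviewer triages each hit.
CONTENT_PATTERNS = {
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----"),
    "env_secret": re.compile(r"^[A-Z0-9_]*(?:SECRET|KEY|TOKEN|PASSWORD)[A-Z0-9_]*=\S+", re.M),
    "cloud_access_key": re.compile(r'"?AccessKeyId"?\s*[:=]\s*"?[A-Z0-9]{16,}'),
    "google_oauth_token": re.compile(r"ya29\.[0-9A-Za-z_-]{20,}"),  # ya29. prefix heuristic
}
# Files that should never sit in a repository, whatever they contain.
SENSITIVE_SUFFIXES = (".pem", ".pfx", ".p12", ".env")

def scan_content(path, text):
    """Return (path, label, line) tuples; line 0 means the file name itself matched."""
    findings = []
    if path.lower().endswith(SENSITIVE_SUFFIXES):
        findings.append((path, "sensitive_filename", 0))
    for label, pattern in CONTENT_PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append((path, label, text.count("\n", 0, m.start()) + 1))
    return findings

def scan_files(files):
    """files: mapping of relative path -> text; sorted so reports are deterministic."""
    return [f for path in sorted(files) for f in scan_content(path, files[path])]

def scan_tree(root):
    files = {}  # walk a real checkout; binary files are read as replaced text
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return scan_files(files)

# Constructed sample tree: names mirror the leak, contents are placeholders only.
SAMPLE_TREE = {
    "certs/Kiple_Prod_Dev.pem": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "certs/ClientCert.pfx": "PLACEHOLDER-PKCS12-BYTES",
    ".env": "DB_HOST=db.internal\nPAYMENT_GATEWAY_API_SECRET=sk_live_PLACEHOLDER\n",
    "config/cloud.json": '{"AccessKeyId": "AKIAPLACEHOLDER0001", "base_url": "https://example.invalid"}\n',
    "db/google-token.sql": "INSERT INTO tokens VALUES ('ya29.PLACEHOLDERPLACEHOLDER0000');\n",
}

if __name__ == "__main__":
    for path, label, line in scan_files(SAMPLE_TREE):
        print(f"{path}:{line}: {label}")
```

Run `scan_tree(".")` against a checkout to get the same tuples for a real repository; any hit on a production branch is a candidate for the revoke-and-rotate steps listed above.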