Virtual private network provider NordVPN released a study which claims to have found 22,504 stolen payment cards belonging to Malaysians.
The payment cards were being sold on the dark web, and were part of a larger overall finding of six million cards across 98 countries.
Alongside the 22,504 records of Malaysian card data were also other personal information, including home addresses (9,000 records), phone numbers (4,600), email addresses (3,500), and dates of birth (134).
NordVPN's report estimates the average price of Malaysian payment cards on the dark web as being RM35.54, while the global average sits at RM31.1.
According to the company's fraud risk index, Malaysians face a higher risk of being targeted in payment card theft, scoring 0.67 on the risk index scale (which goes from 0 to 1), and ranking 21 out of 98 countries.
It also noted that considering the additional personal information included with some of the records, it is likely that the cards were stolen via more sophisticated means.
“In the past, experts linked payment card fraud to brute-forcing attacks – when a criminal tries to guess a payment card number and CVV to use their victim's card.
"However, most of the cards we found during our research were sold alongside the email and home addresses of their victims, which are impossible to brute force.
"We can therefore conclude that they were stolen using more sophisticated methods, such as phishing and malware," wrote NordVPNs cybersecurity advisor Adrianus Warmenhoven.
The report also warns the personal information included with the payment cards could potentially be used for things like identity theft and other malicious activities.
It also recommended the use of encrypted password managers, more secure passwords, the use of official banking apps, responding to data breaches by changing usernames and passwords, and using anti-malware software.