Suasa Efektif and Flexi Parking: Flexi Parking Hit By Cyberattack, Disrupting Parking Payments Across Local Councils Nationwide

Suasa Efektif and Flexi Parking: Flexi Parking Hit By Cyberattack, Disrupting Parking Payments Across Local Councils Nationwide

Malaysia’s Flexi Parking Platform Hit by Nationwide Cyberattack, Disrupting Parking Payments

Malaysia’s Flexi Parking platform suffered a major cyberattack over the weekend, crippling parking payment systems across the country. The breach, attributed to a threat actor known as MelayuSpiritual, exploited two preventable vulnerabilities SQL injection and unauthenticated file uploads granting attackers root access to the platform’s servers.

The incident has disrupted parking operations for all 64 local authorities using Flexi Parking, including major cities like Shah Alam, Subang Jaya, and Selayang. Selangor’s Smart Selangor Parking app, which relies on the platform, was also affected. Authorities have temporarily suspended parking enforcement while restoration efforts are underway.

Cybersecurity firm Gotchaa Lab reported that the attackers may have accessed a database containing approximately 7 million user records. However, it remains unconfirmed whether data was exfiltrated or if an official investigation has been launched. In response, local councils are advising motorists to use alternative payment methods until services are restored.

Flexi Parking’s operator, Suasa Efektif, has acknowledged the breach and is working to recover the system. The attack highlights persistent security gaps in critical digital infrastructure.

Source: https://pokde.net/system/security/flexi-parking-cyberattack

Suasa Efektif TPRM report: https://www.rankiteo.com/company/leadinginnovativetechnologiesandsystems

Flexi Parking TPRM report: https://www.rankiteo.com/company/leadinginnovativetechnologiesandsystems

"id": "lea1782937688",
"linkid": "leadinginnovativetechnologiesandsystems",
"type": "Cyber Attack",
"date": "7/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '64 local authorities and their '
                                              'users',
                        'industry': 'Transportation/Parking Services',
                        'location': 'Malaysia',
                        'name': 'Flexi Parking',
                        'type': 'Parking platform'},
                       {'industry': 'Transportation/Parking Services',
                        'location': 'Selangor, Malaysia',
                        'name': 'Smart Selangor Parking',
                        'type': 'Parking app'}],
 'attack_vector': ['SQL injection', 'Unauthenticated file uploads'],
 'customer_advisories': 'Local councils advising motorists to use alternative '
                        'payment methods until services are restored',
 'data_breach': {'data_exfiltration': 'Unconfirmed',
                 'number_of_records_exposed': '7 million',
                 'type_of_data_compromised': 'User records'},
 'description': 'Malaysia’s Flexi Parking platform suffered a major '
                'cyberattack over the weekend, crippling parking payment '
                'systems across the country. The breach, attributed to a '
                'threat actor known as *MelayuSpiritual*, exploited two '
                'preventable vulnerabilities (SQL injection and '
                'unauthenticated file uploads) granting attackers root access '
                'to the platform’s servers. The incident has disrupted parking '
                'operations for all 64 local authorities using Flexi Parking, '
                'including major cities like Shah Alam, Subang Jaya, and '
                'Selayang. Selangor’s Smart Selangor Parking app, which relies '
                'on the platform, was also affected. Authorities have '
                'temporarily suspended parking enforcement while restoration '
                'efforts are underway.',
 'impact': {'data_compromised': '7 million user records potentially accessed',
            'operational_impact': 'Parking operations disrupted, temporary '
                                  'suspension of parking enforcement',
            'systems_affected': 'Parking payment systems across 64 local '
                                'authorities'},
 'investigation_status': 'Unconfirmed if official investigation launched',
 'lessons_learned': 'Highlights persistent security gaps in critical digital '
                    'infrastructure',
 'post_incident_analysis': {'root_causes': ['SQL injection',
                                            'Unauthenticated file uploads']},
 'references': [{'source': 'Gotchaa Lab'}],
 'response': {'communication_strategy': 'Local councils advising motorists to '
                                        'use alternative payment methods',
              'remediation_measures': 'Restoration efforts underway',
              'third_party_assistance': 'Gotchaa Lab'},
 'threat_actor': 'MelayuSpiritual',
 'title': 'Malaysia’s Flexi Parking Platform Hit by Nationwide Cyberattack, '
          'Disrupting Parking Payments',
 'type': 'Cyberattack',
 'vulnerability_exploited': ['SQL injection', 'Unauthenticated file uploads']}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.