The MySejahtera team disclosed today mobile numbers utilising the check-in QR registration feature in MySejahtera are receiving unsolicited OTP text messages. This was a blatant misuse by “malicious scripts.”
However, the team sends their reassurances that the scripts are unable to access user data. Fortunately, this issue will be fixed as soon as tonight.
This was a response after a rise in the number of complaints registered through its helpdesk and social media platforms. Some reportedly receive these OTP messages in the wee hours of the morning.
Malaysians who received the OTP messages over the past few days received OTP text messages for “check-in registration” claiming expiration within five minutes.
“Since then, these API endpoints are blocked and a fix to enhance security will be moved tonight. We want to reassure all our users that no user data was accessed by these scripts but random phone numbers were spammed to verify their phone number. We apologise for this inconvenience,” a statement to the media read.
API means the Application Programming Interface.
A Solidified Security System
It’s been reported by the Ministry of Health that the MySejahtera team has since improved the application and website’s security since the issue arose.
In a statement today (Oct 21), MOH shared results from a prelimenary investigation by the National Cyber Security Agency (NACSA). It was found the onslought of e-mails and text messages was not due to a database leak. Indeed, it was caused by a misuse of the API.
Additionally, they also elaborated the Need Help? function of the same site has also been similarly misused to send out spam emails at random.
“Following this irresponsible action, the MySejahtera team has further increased the security level of the MySejahtera application and website to prevent the same incident from recurring,” they said.
MySejahtera’s application and website are currently under the joint management of the MOH and the National Security Council (MKN).
For more updates, insightful reads, and fun recipes, stay tuned to Motherhood Story!