KUALA LUMPUR – Unsolicited one-time password (OTP) messages and troll emails sent to MySejahtera users were caused by third parties abusing an application programming interface (API) function, the Health Ministry (MoH) revealed.
In a statement today, MoH said the issue surrounding the OTP messages and prank emails is not due to a data breach within the government-developed mobile app’s database.
“On the MySejahtera website, there is a check-in feature or function for businesses, premises, public transport, and others to obtain and display the MySejahtera QR code.
“To complete the application, the applicant, among others, must enter information such as an email address or telephone number to obtain an OTP.
“Based on preliminary investigation by the MySejahtera team, the irresponsible individuals abused this feature to send mails and texts to random email addresses and phone numbers,” it said.
It added that the website’s “Need Help?” function had also been abused to send random spam emails.
“Following this incident, the MySejahtera team will boost its security functions on its app and website to prevent such incidents from recurring.
“Currently, the MySejahtera app and website are under the management of MoH and the National Security Council,” it said.
The issue surrounding the OTP messages supposedly first surfaced on Monday, after several users posted on social media about receiving the SMS at odd hours.
Some have also received prank emails claiming that they have tested positive for Covid-19. – The Vibes, October 20, 2021