After receiving multiple complaints and concerns from MySejahtera users, the Ministry of Health (MoH) has released a statement to explain why do they get the random OTP text messages from MySejahtera.
Why are users getting random OTP text messages from MySejahtera:
According to a report by Malay Mail, the ministry explained that the issue was linked to an abuse of the app’s Application Programming Interface (API).
On the MySejahtera website, there is a feature or a check-in function for businesses, premises public transport and others, to obtain and display the MySejahtera QR Code. To complete the application, the applicant must enter information including email address and telephone number to obtain a one-time password (OTP).
Therefore, the function has been misused by irresponsible parties as they enter random numbers and email addresses to perform the registration process.
Additionally, the ‘Need Help’ function in the MySejahtera website was also misused to send spam emails randomly.
Spams and pranks
Earlier, the MySejahtera team responded to the incidents after receiving an increased number of complaints on unsolicited OTP messages being received. The complaints were registered through its helpdesk and social media platforms.
Several users also highlighted that they had received similar spam emails from an account linked to MySejahtera: [email protected] and [email protected].
There were pranks such as receiving images of the popular Rick Astley from his music video Never Gonna Give You Up.
On the other hand, a user even received an email informing him he had tested positive for COVID-19. However, it was just another prank.
Just heard about how @my_sejahtera‘s database is compromised, & right on time I got a troll email from its helpdesk. pic.twitter.com/hvOjttwAI5
— Zurairi A.R. (@zurairi) October 20, 2021
Strengthening the MySejahtera security
Following this issue, MOH said that the MySejahtera team has increased the security level of the application and website to prevent the same incident from recurring.
For now, the application and MySejahtera website is under the joint management of the MoH and the National Security Council (NSC).
Meanwhile, the ministry assures that these incidents no leaks were discovered in the MySejahtera user database.
