The Ministry of Health (MoH) has reassured MySejahtera users that there has been no breach in data that caused random OTP SMS and emails to be sent to users.
Siasatan KKM mengesahkan penghantaran emel dan SMS palsu kepada pengguna MySejahtera bukan disebabkan kebocoran pada pangkalan data MySejahtera.
Pasukan MySejahtera telah meningkatkan lagi tahap keselamatan aplikasi dan laman sesawang MySejahtera bagi mengelak kejadian berulang. pic.twitter.com/LFAnsMwAvd
— KKMalaysia🇲🇾 (@KKMPutrajaya) October 20, 2021
The spam messages were instead sent via API manipulation that’s related to MySejahtera’s Check-In feature.
This feature allows businesses to generate QR codes for their establishments, but unknown parties had misused this feature to send OTP codes.
Image credit: Phakorn Kiong
The “Need Help” feature is also a culprit in allowing wrongdoers to send spam emails to other users.
The MoH also noted in their press release that the MySejahtera app and website’s security has been heightened to prevent similar exploits in the software from appearing.