KUALA LUMPUR, Oct 21 — Health Minister Khairy Jamaluddin today said that the ministry is applying a “dual-fix” method to address the issue of unsolicited one-time passwords (OTP) and spam emails being sent from the MySejahtera system to members of the public whose details are registered with the app.
In a press conference today, Khairy admitted that complaints on the matter were still coming in to the Ministry of Health (MoH).
“With regards to the MySejahtera issue, we are still receiving several reports.
“We are doing dual-fix or two methods to improve safety and we will also do additional ones today to ensure that to manually register individual numbers, to make sure we can close that back door as well,” he said.
The MoH yesterday explained that no data leaks were discovered in the MySejahtera user database and that the issue was only linked to an abuse of the app’s application programming interface (API).
Yesterday morning, the MySejahtera team revealed that its check-in QR registration feature was misused by “malicious scripts” to send OTPs to mobile numbers.
The team responded after an increased number of complaints about unsolicited OTP messages, some received in the early hours of the morning, were registered through its helpdesk and social media platforms.
The team, however, assured users that their data was not accessed by the scripts and that the issue would be fixed last night.
Though the statement only addressed issues with text messages, several users also highlighted that they had received similar spam emails from accounts linked to MySejahtera: [email protected] and [email protected].
Some had received images of singer Rick Astley from his music video Never Gonna Give You Up.
The emails also came with an attached message reading: “Dear user, thank you for reaching out to MySejahtera Helpdesk. We have received your email and confirm your details as below. We shall investigate your request and due to high surge of traffic at helpdesk, we will get back to you within the next 5 days. Thank you for your patience & have a pleasant day ahead.”
Another user shared a screenshot of him receiving a prank email from MySejahtera, informing him that he had tested positive for Covid-19.
“You’ve tested positive for Covid nahhh, joking, plenty of exploits to show,” the email titled ‘MySejahtera Check-in Support-Health Assessment’ read.