MySejahtera security beefed up after ‘misuse’

MySejahtera security beefed up after ‘misuse’

Health ministry says the Application Programming Interface was used to send false emails and text messages to users.

The health ministry, which manages the MySejahtera application along with the National Security Council, says the database was not breached.
PETALING JAYA:
The security aspects of MySejahtera have been beefed up after its Application Programming Interface (API) was “misused” to send false emails and text messages to users.

In a statement, the health ministry maintained that MySejahtera’s database was not breached.

“The MySejahtera team has increased the security levels of the application and website to prevent similar incidents from happening again.

“Currently, the MySejahtera application and website are under the management of the health ministry and the National Security Council (MKN),” it said.

The ministry said the fake text messages involving one-time passwords (OTP) were caused by irresponsible individuals who misused a feature on the website meant to register premises for MySejahtera QR Codes.

This feature requires applicants to enter their email address or phone number to acquire an OTP, which is needed to complete the application.

A preliminary probe by the MySejahtera team found that the parties responsible abused this feature to send mails and texts to random email addresses and phone numbers.

Meanwhile, the website’s “Need Help?” function had also been abused to send random spam mails, it said.

Social media had been abuzz with complaints of spam messages and emails from the MySejahtera system.

Some had even received prank emails from MySejahtera informing them that they had tested positive for Covid-19.

We are live on Telegram, subscribe here for breaking news and the latest announcements.

Stay current - Follow FMT on WhatsApp, Google news and Telegram

Subscribe to our newsletter and get news delivered to your mailbox.