KUALA LUMPUR, Oct 20 — The MySejahtera team today revealed that its check-in QR registration feature was misused by “malicious scripts” to send OTPs to mobile numbers.
The team responded after an increased number of complaints were registered through its helpdesk and social media platforms, on unsolicited OTP messages being received, some in the early hours of the morning.
The team, however, assured users that their data was not accessed by the scripts and that the issue will be fixed tonight.
“Since then, these API endpoints are blocked and a fix to enhance security will be moved tonight. We want to reassure all our users that no user data was accessed by these scripts but random phone numbers were spammed to verify their phone number. We apologise for this inconvenience,” a statement to the media read.
API refers to the Application Programming Interface.
MORE TO COME
Related Articles PM: Govt to start paying developer of MySejahtera app from April 1, 2021 Individuals with Covid-19 vaccination from abroad need to get digital cert, says minister Khairy: MySejahtera rolling out update tonight with better risk level, vaccination status displayInternet Explorer Channel Network