MySejahtera users personal data breach

KUALA LUMPUR – Despite there were some random spamming through the MySejahtera application, no personal data was stolen or hacked, said the Ministry of Health (MOH).

The MOH also apologised on the incidences and gave its guarantee that all personal data of MySejahtera users were not breached.

According to a statement issued by the MOH, the ministry and the MySejahtera operator had received many complaints through their helpline and social media on the request for one-time password (OTP) to verify the users’ phone numbers for QR Code registration to check-in to premises.

Based on the investigation by the MOH, there were some abuse through the script access to random phone numbers, however, quick actions were taken to block the Application Programming Interface (API).

“MySejahtera team has conducted an investigation and found that the QR code registration function on business premises have been abused by malicious scripts, sending OTP to random phone numbers.

“The API (Application Programming Interface) has been blocked and actions to rectify the matter and increase its security has started,” it said.

According to the MOH, the security of the app is currently being upgraded to ensure similar situation would not happen again.

“All MySejahtera users need not worry as none of their personal data has been stolen or hacked. They were merely randomly spammed,” said the statement. -MalaysiaGazette