Advertisement

No data theft from MySejahtera, says Health Ministry

Chan Kok Leong3 years ago21st Oct 2021News
Khairy kkm 010921
Health Minister Khairy Jamaluddin says there is no data theft from the MySejahtera app and that the ministry has identified an abuse of the application programming interface that resulted in users receiving unsolicited email and messages. – The Malaysian Insight file pic, October 21, 2021.
Advertisement

THERE is no data breach or theft from the MySejahtera application, said Khairy Jamaluddin.

“There was, however, an abuse of the API (application programming interface),” said the minister during a press conference today.

“The Ministry of Health has identified the weaknesses where the API was manipulated to send out text messages and emails to users.

“But we have identified the weaknesses and already corrected them yesterday,” he added.

In addition to that, Khairy said that MySejahtera will implement a manual system for users to key in their phone numbers to “close the backdoor” to the API.

Khairy was responding to questions on MySejahtera users being spammed by email from the application’s helpdesk yesterday. 

Users, who received the messages, posted their complaints and screenshots of the emails on Twitter.

Some of the spam email read: “You’ve tested positive for covid nahhh, joking. Plenty of exploits to show.”

Besides the spam email, some users also complained about receiving one-time password (OTP) messages to verify their MySejahtera check-ins into premises. 

According to the MySejahtera team, the OTP messages were sent following an abuse of the  check-in QR registration feature meant for business premises. – October 21, 2021.

Advertisement
Advertisement