KUALA LUMPUR, Oct 20 — The Ministry of Health (MOH) today maintained that MySejahtera’s database was not hacked, saying that spam emails and SMSes were sent using exploits of the API.
MOH explained that its Covid-19 app’s check-in function for premises to retrieve the MySejahtera QR code was misused to spam random email addresses or phone numbers when registering for it.
“If the phone number or email address entered randomly exists, MySejahtera will send an OTP (one-time password) to the owner of the phone number or email address to confirm the registration,” said MOH in a statement.
Spam emails were sent from MySejahtera’s help desk through the “need help?” function on the MySejahtera website.
“Following these irresponsible actions, the MySejahtera team has increased security of the MySejahtera app and website to prevent these incidents from occurring again,” said MOH, adding that the app and website are currently managed by MOH and the National Security Council.
Several Malaysians have complained about receiving spam email from MySejahtera’s helpdesk and spam OTP SMSes.
CodeBlue also reported today complaints from four Malaysians about their digital Covid-19 vaccination certificates on MySejahtera listing different manufacturers for their AstraZeneca shots than the National Pharmaceutical Regulatory Agency’s (NPA) lot release certificates.
MOH has yet to address this issue.