Monday, February 6, 2023

Netizens Are Receiving OTP Requests From MySejahtera, Suspects Security Breaches

Social NewsNetizens Are Receiving OTP Requests From MySejahtera, Suspects Security Breaches

Netizens on Twitter are claiming to have received an OTP code requesting for Check-in registration for MySejahtera in the wee hours yesterday (19 October).

Apparently, there were a number of netizens who had received this message and most are suspecting that there is a security breach in the MySejahtera’s system.

Meanwhile, it is said that the text message was from the number “68088” and it was sent between 12 a.m. and 4 a.m.

The test message reads: “MySejahtera: Your OTP code is… for MySejahtera Check-in registration and will expire in 5 minutes.”

Source: Twitter

Netizens also expressed that they had not applied for any registration with MySejahtera too, adding that they suspect their identity was stolen or their account was hacked.

On the other hand, there was a netizen who received an email, which appeared to be a prank, from MySejahtera.

The email says “You have been tested positive for Covid-19. Nahh, just joking. Plenty of exploits to show Twitter search “OTP”.”

Meanwhile, Astro Awani reported that the MySejahtera team is investigating into the matter, especially into the manipulation into the QR registration feature which is made for businesses.

The MySejahtera team also confirmed that they had received complaints through the helpdesks and social media regarding the OTPs to verify their phone numbers via QR check-in specifically for business premises.

In a statement, the team is said to have found that irresponsible parties had abused the feature through the use of ‘malicious scripts’ and caused the application to send ‘One-Time Password’ (OTP) to the user’s phone.

Source: NST

They added that they have since blocked the Application Programming Interface (API) endpoint, and is taking additional steps to improve security.

“We want to reassure users that no personal data can be accessed through the use of the script, but some phone numbers have been used randomly for the transmission of the OTP.” they said in the statement.

The MySejahtera team also apologizes to all users who are involved and they will continue to investigate on the matter.

What do you think about this? Share your thoughts!

Trending now

- Advertisement -

Subscribe to our newsletter!

Recommended for you