KUALA LUMPUR, October 20 – Several MySejahtera users have complained about receiving troll emails from the Covid-19 app's help desk address and spam OTP SMS messages, amid exploits of the application's backend.
MySejahtera users tweeted screenshots of an email they received from [email protected] saying, “You tested positive for covid nahhh, jokingly. full of feats to show off.”
Yesterday, some MySejahtera users also received one-time password (OTP) SMS messages from 68088 for MySejahtera registration records.
MySejahtera said in a statement last night, in response to the OTP SMS spam complaints, that the QR registration feature intended for business premises had been misused by some malicious scripts to send OTPs to random phone numbers.
“Since then, these API endpoints have been blocked and a patch to improve security will be moved tonight. We want to reassure all of our users that no user data has been accessed by these scripts, but random phone numbers have been spammed to verify their phone number. We apologize for the inconvenience,” said the MySejahtera team.
MySejahtera, which is owned by the Ministry of Health (MOH), has yet to respond to spam complaints that surfaced on Twitter this morning.
A Lowyat forum thread highlighted code that could be used to make MySejahtera spam users with OTPs.
“Go ahead and give it a try, the URL is legitimate anyway. Can also use Postman or other tools, as long as you send that form data it works. These mistakes are worse than interns lol,” wrote a Lowyat member on the forum.
It is currently unclear whether MySejahtera’s database – which contains personal information such as full name, ID card number and email address or phone number, as well as Covid-19 vaccination certificates and registration history in public places – can be viewed by outsiders.