Netizens Are Wondering Why They Are Receiving OTPs And Troll Emails From MySejahtera

Many are concerned about the app's cybersecurity system.

Cover image via Facebook & Aswadi Alias/New Straits Times

Subscribe to our Telegram channel for our latest stories and breaking news.

A number of netizens claimed that they have received unrequested OTP codes for registration with MySejahtera in the early hours of the morning on Tuesday, 19 October

Users across various social media platforms, including Twitter and Facebook, shared that they received the same text message from 68088 between 12am and 6am.

The text message reads: "RM0 MySejahtera: Your OTP No. is [redacted] for MySejahtera check-in registration and will expire in five minutes."

All the netizens stated that they did not request for the number or try to login or register with MySejahtera at the time as most of them were fast asleep.

Image via SAYS

The incident has sparked data security concerns

Many users worried that the app was hacked and wondered if their personal information was stolen or leaked.

Those on Twitter tagged the accounts of MySejahtera, the Ministry of Health (MOH), and Health Minister Khairy Jamaluddin in their posts, asking for clarification on the matter.

Image via Twitter
Image via Twitter
Image via Twitter

Meanwhile, in a development today, 20 October, social media users shared that they are receiving joke emails from the MySejahtera Helpdesk

Among several other Twitter users, Malay Mail news editor Zurairi AR tweeted that he received troll emails from the app's official email domain this morning and a few days ago.

The email he received today contains his MySejahtera ID as well as the message: "You've tested positive for covid nahhh, joking. Plenty of exploits to show. Regards, CPRC MOH."

Meanwhile, an earlier email came with a photo of Rick Astley on Sunday, 17 October.

Zurairi also shared that netizens in online forum Lowyat.NET have recently discussed how simple it was to instruct MySejahtera to send spam to others with a backend code.

At present, there has not been a public response from MySejahtera or MOH regarding the matter

However, according to Malay Mail, the MySejahtera team released a statement to the media today, 20 October, revealing that their app's check-in QR registration feature was misused by "malicious scripts" to send OTPs to mobile numbers.

The team assured users that their data was not accessed by the scripts and the issue will be fixed by tonight. They have yet to address the troll emails.

Last month, it was alleged that almost four million citizens' data from the National Registration Department (JPN) was breached:

On 25 January, Anonymous Malaysia said the government has been irresponsibly allowing data leaks and sales of people's personal information to go on over the past few years:

You may be interested in: