(Oct 20): Malaysia’s Covid-19 tracking application has been misused by “malicious scripts” to send unsolicited one-time passwords to random phone numbers.
The team running the MySejahtera app, which also verifies Covid vaccinations, said they received complaints from several users about getting OTP messages to verify their phone numbers for check-in QR registrations.
Some users, including lawmaker Fahmi Fadzil, received emails saying they’ve tested positive for Covid.
The incident sparked concerns on social media about a likely leak of personal data involving the nation’s 32 million people. The MySejahtera team assured users that their data was not accessed by the “malicious scripts” and that the issue will be fixed soon.
Yeah I got this too, as late as this morning
Also whole of [email protected]_sejahtera pic.twitter.com/7PjYts2ExO
— Fahmi Fadzil (@fahmi_fadzil) October 20, 2021
“These API end points are blocked and a fix to enhance security will be moved tonight,” the team said in a statement issued late Tuesday night.
About 94% of the nation’s adults have completed their Covid vaccination as of Tuesday, while 97% of the adult population had received at least one dose, according to the health ministry. The rapid vaccine rollout has allowed the government to lift curbs on movements as it aims to reopen all economic and social sectors by the final quarter of the year.
Malaysia reported 5,745 new Covid cases Tuesday, with the tally staying below the 6,000 mark for a straight second day. New daily infections have remained below the 10,000 mark since Oct 3.