PETALING JAYA: The MySejahtera staff is investigating an incident the place unsolicited one-time password (OTP) messages had been despatched to random cellphone numbers.
In a quick assertion, the staff stated it had acquired complaints by means of the MySejahtera app helpdesk and social media channels in regards to the incident, the place an unsolicited OTP message was despatched to confirm random customers’ cellphone numbers for check-in QR registration, which is supposed for enterprise premises.
“The MySejahtera staff has investigated and located that the check-in QR registration function meant for enterprise premises was misused by some malicious scripts to ship OTP to random cellphone numbers,” it stated on Wednesday (Oct 20).
Though random cellphone numbers had been spammed to confirm their numbers, the staff gave an assurance that no consumer information was accessed by the “malicious scripts”.
The staff additionally apologised for the inconvenience and added that it has since blocked MySejahtera’s utility programming interface (API) endpoints to facilitate a safety enhancement repair later at night time.
An API refers back to the coding platform that permits two software program programmes to speak.
An API endpoint is the place it connects with the software program programme. APIs work by sending info requests from an internet utility or server and receiving a response.