‘Malicious scripts’ to blame for unsolicited OTP, says MySejahtera

‘Malicious scripts’ to blame for unsolicited OTP, says MySejahtera

The app's development team assures users that their personal data was not accessed by these scripts if they had received the spam message.

It was found that the check-in QR registration feature meant for business premises was misused to send the one-time password (OTP) to random phone numbers.
PETALING JAYA:
“Malicious scripts” are to blame for the MySejahtera application sending an unsolicited one-time password (OTP) to users, the phone application’s team said today.

In a statement, the MySejahtera team said it received numerous complaints on its helpdesk and social media platforms of users receiving text messages with OTPs for them to verify their phone number to check in at locations.

“The MySejahtera team has investigated the matter and found that the check-in QR registration feature meant for business premises was misused by some malicious scripts to send the OTP to random phone numbers.

“Since then these API (Application Programming Interface) endpoints have been blocked and a fix to enhance security will be moved tonight,” it said.

The team apologised for inconveniencing users, assuring them that none of their personal data was accessed by these scripts. It added that random phone numbers received the spam messages to verify their numbers.

Malaysians had received the OTP messages over the past few days, which gave users an OTP for “check-in registration” which it claimed would expire in five minutes.

Stay current - Follow FMT on WhatsApp, Google news and Telegram

Subscribe to our newsletter and get news delivered to your mailbox.