MySejahtera Code Leaked: Trolls Having A Field Day Spamming Users

MySejahtera is again under fire over a back-end code leak that lets anyone send spam texts or emails.
Credit: Ahmad Zamzahuri via Malay Mail

Receiving One-Time Password (OTP) messages or spam emails can be annoying, but imagine it coming from trolls – that’s something rather concerning and a little bit scary.

Several users of Malaysia’s official Covid tracking app have noticed a security issue: they have received text messages and emails sent by trolls who exploited leaked back-end code.

Some users have tweeted that they have received something similar to what Twitter user and journalist Zurairi AR received from MySejahtera’s official email (donotreply@mysejahtera.org).

In response to the complaints about the spam messages and emails, MySejahtera issued a statement last night saying that they will tighten the Application Programming Interface (API) security to make sure that no one else can abuse the leaked code.

Image from Twitter (@iffahs_)

They also said that no user data has been leaked, but mentioned that any verified phone number or email on the app can and might receive spam texts or emails.

MySejahtera’s team has investigated the issue and found that the “Check-In” feature on business premises has been misused by some trolls who got their hands on the code.

The code was posted on the Lowyat.net forum, with the user who put it there saying, “You can instruct ‘MySejahtera’ to spam OTP to others at will.” It is apparently a legitimate line of code that a forum user has tested.
