Unknown ‘Super Admin’ Downloaded Three Million Users’ Data Off MySejahtera App In 2021

The national audit report also uncovered serious flaws in the app that put its users at risk of data breaches or other questionable behaviours.

During the height of the COVID-19 pandemic, we used the MySejahtera app almost every single day; even public toilets had QR codes to scan for check-in. After the government announced that check-ins were no longer needed starting 1 May 2022, app usage started dwindling.

But the government turned the MySejahtera app into more than just an app for checking in and reporting your Covid status. Through the app, you can register as an organ donor, keep a digital record of your blood donations, set up medical checkups and more. The government plans to use the app as a digital health record. However, this revelation may deter users from ever using the app.

Malay Mail reports that according to the second series of the 2021 audit report released by Auditor-General Datuk Seri Nik Azman Nik Abdul Majid, an unknown individual or group created a “super admin” account that downloaded private information belonging to three million people via the MySejahtera app two years ago.

The report indicates that the account used multiple internet protocol (IP) addresses and thus set off red flags. The MySejahtera app was initially developed to register residents in Malaysia for the Covid-19 vaccine in 2021 to control the spread of the coronavirus.

Although the audit report found that the Ministry of Health’s (MoH) objectives were mostly met, it also found significant weaknesses in MySejahtera that exposed its users to data risks or other dubious practices.

The audit report pointed out that the MySJ app had been subjected to 1.12 million attacks as of October 27, 2021. In addition, the report found that 1,657 people had registered more than one MySejahtera identity.

Furthermore, 1,543 individuals had between two and seven accounts that had 3,108 MySejahtera identities with active status, verified identity, and a record of being vaccinated.

According to the audit report, the vaccination records revealed that 28,735 individuals were vaccinated at government-listed vaccination centers (known as PPV in Malay) after they were closed down.

The auditors also discovered 12,275 incomplete vaccination records in the system, while 3.89 million records were uploaded more than one day after the vaccination date.

Additionally, 203,846 records were uploaded into the system before the vaccination date, and 46 records were not present in the system. The auditors also found that 70 MySejahtera accounts belonging to deceased individuals were still marked as “active.”

The audit report suggests that the MoH take measures to address these weaknesses, such as implementing data housekeeping, conducting a thorough security assessment on the MySejahtera and MVAS applications, and upgrading the security features to guarantee the security of the system and data, particularly since the MySejahtera app is still being used for a broader number of health matters.
