MySejahtera blames malicious scripts on OTP text

by AZREEN HANI / Pic by TMR FILE PIX

MYSEJAHTERA (MYSJ) says the unsolicited text sent to random phone numbers recently was due to “misused by some malicious scripts.”

“We have received complaints on our MYSJ helpdesk and social media channels about an unsolicited OTP message to verify their phone number for check-in QR registration which is meant for business premises,” it said in a statement today.

“MYSJ team has investigated and found that checkin QR registration feature meant for business premises was misused by some malicious scripts to send OTP to random phone numbers,” it added.

According to MYSJ, since then these API end points are blocked and a fix to enhance security will be moved tonight.

“We want to reassure all our users that no user data was accessed by these scripts but random phone numbers were spammed to verify their phone number. We apologize for this inconvenience,” it said further.