MySejahtera blames malicious scripts on OTP text


MYSEJAHTERA says the unsolicited text sent to random phone numbers recently was due to “misused by some malicious scripts”. 

“We have received complaints on our MySejahtera helpdesk and social media channels about an unsolicited OTP message to verify their phone number for check-in QR registration which is meant for business premises,” it said in a statement yesterday. 

“MySejahtera team has investigated and found that the check-in QR registration feature meant for business premises was misused by some malicious scripts to send OTP to random phone numbers,” it added. 

According to MySejahtera, since then these API endpoints were blocked and a fix to enhance security was moved last night. 

“We want to reassure all our users that no user data was accessed by these scripts but random phone numbers were spammed to verify their phone number. We apologise for this inconvenience,” it said further. 

Online users have taken to the Internet to complain and highlight that they have been receiving un-solicited OTP texts from MySejahtera over the weekend.