Cover image via
Facebook
& Aswadi Alias/New Straits Times
Subscribe to our Telegram channel for our latest stories and breaking news.
Users across various social media platforms, including Twitter and Facebook, shared that they received the same text message from 68088 between 12am and 6am.
The text message reads: “RM0 MySejahtera: Your OTP No. is [redacted] for MySejahtera check-in registration and will expire in five minutes.”
All the netizens stated that they did not request for the number or try to login or register with MySejahtera at the time as most of them were fast asleep.
Many users worried that the app was hacked and wondered if their personal information was stolen or leaked.
Those on Twitter tagged the accounts of MySejahtera, the Ministry of Health (MOH), and Health Minister Khairy Jamaluddin in their posts, asking for clarification on the matter.
Among several other Twitter users, Malay Mail news editor Zurairi AR tweeted that he received troll emails from the app’s official email domain this morning and a few days ago.
The email he received today contains his MySejahtera ID as well as the message: “You’ve tested positive for covid nahhh, joking. Plenty of exploits to show. Regards, CPRC MOH.”
Meanwhile, an earlier email came with a photo of Rick Astley on Sunday, 17 October.
Zurairi also shared that netizens in online forum Lowyat.NET have recently discussed how simple it was to instruct MySejahtera to send spam to others with a backend code.
However, according to Malay Mail, the MySejahtera team released a statement to the media today, 20 October, revealing that their app’s check-in QR registration feature was misused by “malicious scripts” to send OTPs to mobile numbers.
The team assured users that their data was not accessed by the scripts and the issue will be fixed by tonight. They have yet to address the troll emails.