In yet another saga to add on to the current medley of issues faced by MySejahtera app developers, it would now seem that users of the app are receiving unsolicited messages requesting that they reset their account passwords.
Users received password reset messages
The messages were indiscriminately sent out to users at random, with many Malaysians receiving them during the early hours of Monday (25th October 2021). Sent from an automated service number 68808, the message claims to have been sent on behalf of the MySejahtera app, and instructs users to reset their passwords by clicking on the link provided in the message. Some have even received emails containing the same password reset link.
Eagle-eyed netizens have pointed out that legitimate password reset requests from MySejahtera are typically sent from the 63839 automated service number, and not the 68808 number. Moreover, these password reset messages were sent to individuals who did not request to reset their passwords to begin with. For the time being, users are being warned against clicking on the link and potentially falling victim to a data breach or scam, repots Oriental Daily.
Malicious scripts attributed to earlier spam emails and messages
This new incident has further fueled concerns among Malaysians concerning the safety and security of the MySejahtera contact tracing app. Just a week prior, users had received both SMS messages containing alleged OTP check-ins, as well as spam emails that contained images of 1980s British pop-singer Rick Astley from his music video for ‘Never Gonna Give You Up’.
I’ve been getting (rickrolled) emails from @my_sejahtera since early Sunday morning, which means the exploit was known at least since then or around then. pic.twitter.com/JQZYCgrUNo
— Fahmi Fadzil 🇲🇾🏴 (@fahmi_fadzil) October 20, 2021
App developers behind MySejahtera have since come forward to state that the issues were due to ‘malicious scripts’ that have gained accessed and misused the application’s QR check-in function, and reassured users that no data was compromised as a result. However, no mention has yet been made about the new slew of password reset messages received by netizens since yesterday (25th October 2021).
Wau Post has reached out to the MySejahtera team for comment on the matter.
For more stories like this, follow us on Wau Post!
Also read: Did you receive a mysterious OTP message from MySejahtera? Here’s why:
