If you received password reset messages from MySejahtera, don’t click on it! Here’s why:

An image showing the alleged password reset messages randomly sent to users.
Source: Alice CH, The Sun Daily

In yet another saga to add on to the current medley of issues faced by MySejahtera app developers, it would now seem that users of the app are receiving unsolicited messages requesting that they reset their account passwords.

Users received password reset messages

A screenshot of the alleged password reset message.
Source: Alice CH
An authentic message from MySejahtera, bearing the 63839 service number.
Source: Wau Post

The messages were indiscriminately sent out to users at random, with many Malaysians receiving them during the early hours of Monday (25th October 2021). Sent from an automated service number 68808, the message claims to have been sent on behalf of the MySejahtera app, and instructs users to reset their passwords by clicking on the link provided in the message. Some have even received emails containing the same password reset link.

An email containing the password reset message from MySejahtera.
Source: Wan Rusyaini

Eagle-eyed netizens have pointed out that legitimate password reset requests from MySejahtera are typically sent from the 63839 automated service number, and not the 68808 number. Moreover, these password reset messages were sent to individuals who did not request to reset their passwords to begin with. For the time being, users are being warned against clicking on the link and potentially falling victim to a data breach or scam, repots Oriental Daily.

Malicious scripts attributed to earlier spam emails and messages

This new incident has further fueled concerns among Malaysians concerning the safety and security of the MySejahtera contact tracing app. Just a week prior, users had received both SMS messages containing alleged OTP check-ins, as well as spam emails that contained images of 1980s British pop-singer Rick Astley from his music video for ‘Never Gonna Give You Up’.

App developers behind MySejahtera have since come forward to state that the issues were due to ‘malicious scripts’ that have gained accessed and misused the application’s QR check-in function, and reassured users that no data was compromised as a result. However, no mention has yet been made about the new slew of password reset messages received by netizens since yesterday (25th October 2021).

Wau Post has reached out to the MySejahtera team for comment on the matter.

For more stories like this, follow us on Wau Post!

Also read: Did you receive a mysterious OTP message from MySejahtera? Here’s why:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts