'You've tested positive': Malaysians rickrolled by Covid-19 tracing app glitch

PHOTO: Twitter/fahmi_fadzil

The last thing you'd expect when receiving an email or notification from a Covid-19 tracing app is Rick Astley's face staring back at you.

That was what happened to some Malaysians on Wednesday morning (Oct 20) due to a glitch on the nation's Covid-19 tracing mobile app MySejahtera.

Affected users were caught off guard and took to Twitter to share screenshots and air their gripes about the app's poor data security.

Several text messages and emails they received read: "Dear User, Thank you for reaching out to MySejahtera Helpdesk. We have received your email and confirm your details as below."

The messages came with a "RickRollr" sign-off as well as a photo of the famed British singer-songwriter.

Political figures weren't spared either. Lembah Pantai Member of Parliament Fahmi Fadzil said on Twitter that he had been receiving such emails since Oct 17.

[embed]https://twitter.com/fahmi_fadzil/status/1450700078553833478[/embed]

While being rickrolled by the "ministry of health" is odd, it isn't nearly as alarming as being tricked into thinking you've tested positive for Covid-19.

Some app users said they received a text message providing a one-time password (OTP) to verify their supposed MySejahtera check-ins.

[embed]https://twitter.com/kavitamaheendra/status/1450631740863569920[/embed]

[embed]https://twitter.com/kavitamaheendra/status/1450158092914593793[/embed]

[embed]https://twitter.com/heislyc/status/1450597056276353026[/embed]

[embed]https://twitter.com/tonymoey/status/1450718603532136451[/embed]

On Wednesday evening, the MySejahtera team posted a statement via their official Twitter page addressing the situation.

"We want to reassure all our users that no user data was accessed by these scripts but random phone numbers were spammed to verify their phone number. We apologise for this inconvenience."

[embed]https://twitter.com/my_sejahtera/status/1450766893225164804[/embed]

MySejahtera also explained that the OTPs were sent out due to misuse of the check-in QR registration feature, which was meant for business premises and public transport operators, among others.

"Since then these API (application programming interface) endpoints are blocked and a fix to enhance security will be moved tonight."


amierul@asiaone.com
