The MySejahtera app has been revealed to have security vulnerabilities that allow anyone to send out emails or one-time passwords (OTP) on behalf of the app, leading to concerns over personal data breaches.

The MySejahtera team has since said they have blocked the exploit that made it possible to send out OTPs on behalf of the app and is in the midst of enhancing the app’s security. They have yet to address the email exploit.

The matter was first...