The Health Ministry has denied that spam emails and unsolicited one-time passwords (OTPs) sent out from MySejahtera were due to a database leak.

Instead, it said the incidents were due to the abuse of the application programming interfaces (APIs), which are software intermediaries that allow two applications to talk to each other.

“Based on preliminary investigations and other necessary actions by the National Cyber Security Agency, the sending of the false emails and text messages are...