PETALING JAYA: The Economy Ministry has swiftly addressed a security flaw in the Central Database Hub (Padu) after a user highlighted a loophole within the system.
It was found that the loophole allowed third parties to use a user’s MyKad number to change a password in Padu.
In an X post, a user showed how he used Padu's application programming interface (API) to override a third party's password using the person's MyKad number.
An API is a software intermediary that allows two applications to talk to each other.
In a reply on X, the ministry wrote: "We constantly monitor external feedback. We are making the necessary improvements.
“Thank you for the comment, which we value as a positive criticism”.
ALSO READ : Suspend Padu until flaws resolved, says ex-deputy minister
Chief statistician Datuk Seri Dr Mohd Uzir Mahidin also thanked the user who pointed out the flaw, as the Statistics Department is among the agencies responsible for Padu.
Padu, launched on Jan 2, is a correlation of all the personal data held in various agencies. One of its objectives is to provide a profile of households and their disposable incomes for better distribution of targeted subsidies and assistance.
Pihak kami sentiasa memantau maklum balas di luar. Kami sedang melakukan penambahbaikan yang diperlukan.
Terima kasih di atas komen yang kami nilai sebagai satu kritikan positif. https://t.co/rKZdbLpasA
— Kementerian Ekonomi - Laman Rasmi (@EkonomiMalaysia) January 3, 2024