Padu bugs and vulnerabilities addressed by govt - Rafizi

KUALA LUMPUR: The Economy Ministry has amended several issues regarding the Central Database Hub (Padu) registration including bugs and vulnerabilities that were brought to the attention by social media users.

Its minister Rafizi Ramli in a posting on X, said several issues including the loophole where a person's identification card (IC) number can be used to override and change their passwords were addressed last night.

"This weakness in handling authentication was not found during the Security Posture Assessment (SPA) and the team took immediate action where the solution was implemented within an hour and was completed at 9pm last night."

This was highlighted by several users, who claimed that they could obtain IC numbers and register themselves without the actual owner knowing.

In matters of vulnerability where people can skip the 'e-Know Your Customer' (eKYC) process and information, Rafizi said only information submitted from users who have successfully verified eKYC is considered valid.

"To smooth the individual updating process, updating information can be done immediately after logging in (after check-in) without going through the eKYC process.

"The eKYC is only implemented after the information has been updated and the individual wishes to confirm and certify the submission of the profile."

He also said any information filled out without a verified eKYC will not be integrated into the database.

This comes after complaints by the public on the issues of vulnerability and bugs which were also highlighted by former Investment, Trade, and Industry (MITI) deputy minister Dr Ong Kian Ming.

Ong had earlier claimed that he could use the IC number of others to register on Padu.

After he did so, he said the owners of those IC numbers were unable to register themselves even though he had not undergone the verification process required.

Ong had also called for the registration of Padu to be temporarily suspended until the security flaws are addressed, as it currently lacks the robustness for its intended objective, citing that those currently receiving government aid like Bantuan Tunai Rahmah (BTR) may provide inaccurate information in the database.

Most Popular
Related Article
Says Stories