In Petaling Jaya, the Ministry of Economy quickly addressed a security vulnerability in the Central Database Hub (Padu) after a user pointed out a flaw in the system.
The loophole allowed third parties to change a password in Padu using a user’s MyKad number.
In a post, a user demonstrated how they used Padu’s application programming interface (API) to override a third party’s password using the person’s MyKad number.
An API is an intermediary software that enables two applications to communicate with each other.
In response to the post, the ministry stated that they are constantly monitoring external feedback and are making necessary improvements to the system.
They also expressed gratitude for the comment, valuing it as constructive criticism.
Datuk Seri Dr Mohd Uzir Mahidin, the chief statistician, also thanked the user who identified the flaw, as the Statistics Department is one of the agencies responsible for Padu.
Padu, which was launched on Jan 2, is a consolidation of personal data from various agencies. Its objective includes providing a profile of households and their disposable incomes to enhance the distribution of targeted subsidies and assistance.
