Padu Has Registration & Security Issues But It’s Getting Fixed One By One
Some people encountered registration issues and exposed a security flaw in the Padu system.
The registration for Padu, which will last for three months until 31 March 2024, started yesterday (2 January).
To register for a Padu account, members of the public need to provide their full name, NRIC number, a matching passcode, and a valid phone number to receive an OTP (One-time passcode).
Next, users need to perform an eKYC step (uploading a selfie and a photo of their NRIC) to verify their account. There’s an option to skip the eKYC step and the account will be created under the person’s NRIC number.
Once registered, no one can register for a Padu account using your already-registered NRIC number.
Registration issues have arisen
Unfortunately, Malaysians who tried to sign up have encountered several registration issues such as the failure to receive an OTP.
More worrying, however, was the ability to register an account using someone else’s details, such as their identification card number and postcode.
Some Twitter users have tried this and shown that it was a legitimate security oversight in the Padu system.
Guess what.
I only need your IC number to override and change your PADU login password. @farhanhelmycode @rafiziramli @Dr_Uzir @lamkanahraf pic.twitter.com/m1K2mR3wP2
— useState('drmsr') (@drmsr_dev) January 2, 2024
Former Deputy International Trade and Industry Minister Ong Kian Ming managed to register four separate accounts under the names of his colleagues, namely Youth and Sports Minister Hannah Yeoh, Communications Deputy Minister Teo Nie Ching, Deputy International Trade and Industry Minister Liew Chin Tong, and Human Resources Minister Steven Sim.
Ong advised Malaysians to quickly register their Padu account so no one could use their details and effectively prevent them from opening an account.
To test this out, I obtained the IC nos and postcode of my colleagues from the electoral roll @scheekeong @hannahyeoh @LiewChinTong @TeoNieChing and registered padu accounts using my own phone no and email address… now they cannot register accounts themselves… pic.twitter.com/KrbFkQEPNp
— Ong Kian Ming 🇲🇾 (@imokman) January 2, 2024
PADU sending you your OTP immediately after registration is not the problem here. Anyone with access to the electoral roll (for e.g.) or any database with names, IC Nos and Addresses, can key in any phone no for the OTP to be sent to and register a ton of PADU accounts.
— Ong Kian Ming 🇲🇾 (@imokman) January 2, 2024
It’s being fixed one by one
In light of the cybersecurity issues, Economy Minister Rafizi Ramli tweeted to say the issues concerning Padu registration have been fixed as of 5pm yesterday (4 hours after registration opened).
Rafizi said the issues concerning Celcom users failing to receive an OTP were fixed around 3.30pm.
Rafizi explained that registration is only complete and valid if the eKYC step is completed. The eKYC step is the last step of registration to make the account-creating process easier.
He also rubbished the claims that the eKYC approval takes three days. He said the approval took less than five minutes.
Rafizi advised members of the public to head to the Helpdesk if they discover others have used their identities to register a Padu account.
He added that users cannot see complete data in the Padu system for security and privacy purposes.
#PADU UPDATE
Data as of 5pm, 2 Jan 2024 (4 hours after opening)
Responding to netizens' feedback & the issues raised by @imokman
OTP PROBLEM
There was a problem with Celcom users at first, but it was resolved around 3.30pm
NUMBER OF SUCCESSFUL REGISTRATIONS
70,000+ after 4… https://t.co/t6Nyk5Wc4e
— Rafizi Ramli (@rafiziramli) January 2, 2024