The developers of eHAC were using an unsecured Elasticsearch database to store over 1.4 million records from approximately 1.3 million eHAC users.

These records didn’t just expose the users. This data leak exposed the entire infrastructure around eHAC, including private records.

No. of people exposed:Approx. 1.3 m
Types of data exposed:PII data; travel information; medical records; COVID-19 status
Potential impact:Fraud; Hacking; Disinformation
Data storage format:Elasticsearch

Data yang terekspose:
- COVID-19 Test Data
- eHAC Account Data
- Individual Hospital Data
- Passenger PII Data
- PII Data From eHAC Staff

Resiko untuk pengguna

With access to a person’s passport information, date of birth, travel history, and more, hackers could target them in complex (and simple) schemes to steal their identity, track them down, scam them in person, and defraud them of thousands of dollars.

Resiko untuk rumah sakit

Perlu mulai aware dengan resiko cyber security.

Hackers could harvest data from the app on individual hospitals and their staff, using this information to target the hospitals in various phishing, fraud, and viral attacks.

Semoga data masih aman

vpnMentor ini ethical hacker, spt mas @secgron. Tdk mencuri atau jual data.

We reached out to the various parties responsible for eHAC to inform them about the vulnerability and suggest ways to secure their system.