The developers of eHAC were using an unsecured Elasticsearch database to store over 1.4 million records from approximately 1.3 million eHAC users.
These records didn’t just expose the users. This data leak exposed the entire infrastructure around eHAC, including private records.
These records didn’t just expose the users. This data leak exposed the entire infrastructure around eHAC, including private records.
No. of people exposed:Approx. 1.3 m
Types of data exposed:PII data; travel information; medical records; COVID-19 status
Potential impact:Fraud; Hacking; Disinformation
Data storage format:Elasticsearch
Types of data exposed:PII data; travel information; medical records; COVID-19 status
Potential impact:Fraud; Hacking; Disinformation
Data storage format:Elasticsearch
Data yang terekspose:
- COVID-19 Test Data
- eHAC Account Data
- Individual Hospital Data
- Passenger PII Data
- PII Data From eHAC Staff
- COVID-19 Test Data
- eHAC Account Data
- Individual Hospital Data
- Passenger PII Data
- PII Data From eHAC Staff
Resiko untuk pengguna
With access to a person’s passport information, date of birth, travel history, and more, hackers could target them in complex (and simple) schemes to steal their identity, track them down, scam them in person, and defraud them of thousands of dollars.
With access to a person’s passport information, date of birth, travel history, and more, hackers could target them in complex (and simple) schemes to steal their identity, track them down, scam them in person, and defraud them of thousands of dollars.
Resiko untuk rumah sakit
Perlu mulai aware dengan resiko cyber security.
Hackers could harvest data from the app on individual hospitals and their staff, using this information to target the hospitals in various phishing, fraud, and viral attacks.
Perlu mulai aware dengan resiko cyber security.
Hackers could harvest data from the app on individual hospitals and their staff, using this information to target the hospitals in various phishing, fraud, and viral attacks.
Semoga data masih aman
vpnMentor ini ethical hacker, spt mas @secgron. Tdk mencuri atau jual data.
We reached out to the various parties responsible for eHAC to inform them about the vulnerability and suggest ways to secure their system.
vpnMentor ini ethical hacker, spt mas @secgron. Tdk mencuri atau jual data.
We reached out to the various parties responsible for eHAC to inform them about the vulnerability and suggest ways to secure their system.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
