The increased reliance on online services during the lockdowns expanded the attack surface of many companies, which led to more cyber attacks on major corporations, infrastructure and governments. Since the beginning of the pandemic, most employees have been working remotely, outside the controlled working environment, which weakens the level of protection. Organizations had limited time to adapt and did not pay close attention to their cybersecurity. Hacktivism and state-sponsored hacking are nothing new, but during this period hackers with social and political interests had an opportunity to target other sectors that were vulnerable because of newly created services.

“In late 2020, North Korean cyber attackers reportedly targeted the vaccine maker AstraZeneca in the UK. They used spear-phishing via social media to try to inject malware by way of job description documents. Over the summer, Russian cyber attackers were also detected in a vaccine theft attempt.”

Source: https://www.openaccessgovernment.org/cybersecurity-threats-to-the-covid-19-vaccine/108914/

The need to respond quickly to the rapidly spreading virus meant systems were deployed hastily and without much cyber security consideration, leaving numerous vulnerabilities to be exploited by hackers. Attackers are not only on the hunt for data; the pandemic has also created another interesting niche. Targets include the new systems at airports, online vaccine passports, apps for vaccine registration, etc.

Firstly, in August, a user reported an issue with the Indonesian Covid-19 app that exposed users’ data by accident.

Data included: Passenger ID and type (including domestic and international travelers), hospital ID, queue number while doing this test, reference number, address and time for a home visit, test type (PCR, rapid antigen, etc.), date and place, test result and date issued, eHAC document ID, individual hospital data, additional passenger photo ID, hotel details.

Potentially affected: 1.4 million+

Hackers could use the data in a variety of ways to target hospital users and employees, including phishing, scams, spam, spying, or even banking fraud.

On the other hand, the vulnerability could allow hackers to change the data in some way that will disturb the government’s strategy for handling the pandemic and identifying vaccinated citizens. This could be an issue not only for the country itself but for the rest of the world.

In September, the following data was shared.

The data contains the date of vaccination, total doses, name of the vaccine, certificate ID, name of the person, mobile number, gender, age, nationality, complete address information, hospital, personal data of the clinician who put the vaccine together, and personal data for the online platform of the country.

Potentially affected: 3000

On October 13, 2021, passenger records were breached. 

The poster gave no further explanation of how or why it was breached, stating only that it came from the health agency’s side.

Another interesting leak was related to a laboratory vulnerability.

The leaked fields: id, name, curp (Unique Population Registration Code), age, registration_date, date_birth, status, gender, company, email, phone, zip code, cohabitants, transport, transport_other, contact, contact_place, contact_place_other, going out_home, going out_friends, going out_gym, going out_party, going out_event, going out_extranion_event, symptoms and concomitant illnesses.

In addition, some public leaks like the EMA leak have spread all over the media and hacking forums.

Source: https://www.ema.europa.eu/en/news/cyberattack-european-medicines-agency

The following data was being sold on an underground forum in June. It drew the attention of the media, but since the data has already been sold, there is no further information about what exactly is inside and how it was breached. The hacker states most of the data was breached through a big flaw in the national health system.

Translation of the columns: year, month, name, email, day, status (iscritto meaning registered), last name, privacy_1, privacy_2, verified, postal code address, postcode residence, fiscal code.

On 26th October the below tweet was posted:

Containing the following valid certificate in the system:

As the author states, this shows that a certificate can be generated for anyone.

Data breaches affect every sector of the Health Industry as the following leaks were found later on Telegram.

On the 15th of November, 2021, an interesting article was shared in some Russian-speaking Telegram groups. 

Link of the article: https://www.kommersant.ru/doc/5066303

The story revolves around a seller of fake green passports, which became a really common service in the hacking communities since the start of the vaccination process. He has collected all buyers’ data, knowing that this would be valuable later on, as buying fake documents entails criminal liability for buyers, so they can be blackmailed. He is now selling said data to the highest bidder, exploiting both the weakness in government systems and the users who gave him their information.

Not only do breaches like those threaten the users’ identity and leave a potential inability to identify vaccinated people and continue fighting the spread of COVID, but they build distrust and are used as a tool for misinformation, including conspiracy theories and fake news.

Everything governments and health organizations did last year (2020) was done in a constant rush and under pressure, which led to vulnerabilities in important vaccine and vaccine passport-related systems. The protection of data is vital for the healthcare system and is crucial for handling a crisis, as manipulation of the data directly affects it. During the COVID-19 outbreak, the opportunities for hackers to find exploits in sectors that were pushed to act faster have multiplied. This shows us how important it is for development and innovation to go at the same pace as cybersecurity. Past mistakes should be taken into account and help us be more prepared for the next pandemic or next global emergency. We shouldn’t forget that the key to limiting risks related to cyberattacks lies in understanding and planning security measures with the same caution as the system itself.
