Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

This vaccine passport app data breach is a cautionary tale

A security blunder by proof-of-vaccination app Portpass provides a reminder that third-party apps may not protect your privacy and security. According to CBC News, Portpass exposed potentially hundreds of thousands of users’ personal information on its unsecured website.

After receiving a tip that the user profiles on the app’s website were accessible by members of the public, CBC verified the claim. While on the website, CBC was able to see users’ personal information, email addresses, blood types, birthdays, phone numbers, and photo identification, including driver’s licenses and passports.

This came after the company’s CEO, Zakir Hussein, denied that the app had security issues and “accused those who raised concerns about it of breaking the law.”

CBC gave Hussein and his company time to fix the lapse before publishing its article. The following morning when Hussein addressed the issue, he claimed that the breach only lasted for a few minutes, despite CBC reviewing the personal information for more than an hour —  after someone tipped them off. In light of this, it’s unclear how long the information was exposed.

Security problems expert saw coming

When CBC interviewed cybersecurity analyst Ritesh Kotah about the Portpass security problems, he shed some light on the issue.

“These were exactly the privacy and security concerns I’ve previously raised when it comes to third-party apps. You’ve gotta ask yourself, ‘Where’s the data housed? Who has access to it? Is it encrypted?’” Kotak said. He also addressed the risks to users whose information was exposed: “It opens them up to fraud, identity theft, and a whole other world of potential issues.”

But people do have to prove their vaccination status sometimes, and since there is no official proof-of-vaccination app for Alberta, Canada, residents, they get funneled toward third-party apps. More than 200,000 Canadians preregistered for Portpass by mid-June. Three months later, Portpass has more than 650,000 registered users, according to Hussein.

The Calgary Sports and Entertainment Corporation recommended Portpass to ticket-holders for games at Scotiabank Saddledome and McMahon Stadium. The recommendation has been removed, but in a Reddit post dated five days before CBC learned of the breach, one user warned against downloading the app. They pointed out that Portpass’ privacy policy didn’t guarantee adherence to Alberta’s Health Information Act or other federal legislation, stating only that they use the “highest security.” The user concluded: “Using this service and trusting them to properly protect your personal health care information would be a huge mistake.”

What now?

Users who fear their information may have been compromised should notify the Office of the Privacy Commissioner of Canada. According to IT World Canada, Alberta privacy commissioner’s office is in communication with Portpass as the company investigates the breach.

Editors' Recommendations

Sandra Stafford
Sandra Stafford is a Mobile team writer. She has three years of experience writing about consumer technology. She writes…
Best applications for Android data recovery
Pixel 4 running Android 11 beta

Losing important files or data is never fun. This can happen on your computer and laptop, and it can also happen on your Android smartphone or tablet. However, while Android owners might assume they have fewer options available to them in such a situation, there are a surprising number of applications out there for Android data recovery. We run through the best of them in this article, covering a range of software that can help you recover photos, messages, files, contacts, documents, music, and more.

Note that, in a majority of cases, these applications need to be downloaded to a Windows PC, although we'll state otherwise if you can also download any app for Mac computers as well. Also, remember that some of these apps require you to root your Android device to recover certain files types.
Tenorshare UltData

Read more
Uber riders, dare to peek at this new data on the ridesharing app?
An Uber driver and rider.

If you’re an Uber rider, you can now drill down into the data that creates your overall rating on the ridesharing service, enabling you to see precisely how many 5-star scores drivers have given you. And how many 1-star scores, too.

The new feature, announced by Uber in a blog post on Wednesday, February 16, will hopefully provide reassurance that you’re a truly wonderful passenger, though it may give some riders pause for thought, too. And take note -- Uber brought in a system in 2019 that can lead to poorly rated passengers being banned from the ridesharing service.

Read more
Cricket is making mobile data more affordable with FCC help
Samsung's Galaxy A13 from all angles.

Cricket has dropped a couple of new changes that may make its mobile data plans a little more cost-effective for customers. The biggest savings on those plans could come from qualifying for the Affordable Connectivity Program backed by the Federal Communications Commission (FCC), while the second change is just a slight increase to its monthly data cap for the basic 5G plan.

On a separate note, Cricket is also expanding its compatible device list by adding the Samsung Galaxy A13 5G. However, if you do just so happen to be in the market for a budget 5G phone, it could help to check out the best cheap 5G phones before picking up the somewhat lackluster Galaxy A13 5G.
Affordable Connectivity Program
Those eligible for the Affordable Connectivity Program can now seek coverage with Cricket. Customers enrolled in the program could see up to $30 off per month for eligible households. If you reside on Tribal Lands, you could see up to $75 off per month. What would these savings look like month to month?

Read more