A security blunder by proof-of-vaccination app Portpass provides a reminder that third-party apps may not protect your privacy and security. According to CBC News, Portpass exposed potentially hundreds of thousands of users’ personal information on its unsecured website.
After receiving a tip that the user profiles on the app’s website were accessible by members of the public, CBC verified the claim. While on the website, CBC was able to see users’ personal information, email addresses, blood types, birthdays, phone numbers, and photo identification, including driver’s licenses and passports.
This came after the company’s CEO, Zakir Hussein, denied that the app had security issues and “accused those who raised concerns about it of breaking the law.”
CBC gave Hussein and his company time to fix the lapse before publishing its article. The following morning when Hussein addressed the issue, he claimed that the breach only lasted for a few minutes, despite CBC reviewing the personal information for more than an hour — after someone tipped them off. In light of this, it’s unclear how long the information was exposed.
When CBC interviewed cybersecurity analyst Ritesh Kotah about the Portpass security problems, he shed some light on the issue.
“These were exactly the privacy and security concerns I’ve previously raised when it comes to third-party apps. You’ve gotta ask yourself, ‘Where’s the data housed? Who has access to it? Is it encrypted?’” Kotak said. He also addressed the risks to users whose information was exposed: “It opens them up to fraud, identity theft, and a whole other world of potential issues.”
But people do have to prove their vaccination status sometimes, and since there is no official proof-of-vaccination app for Alberta, Canada, residents, they get funneled toward third-party apps. More than 200,000 Canadians preregistered for Portpass by mid-June. Three months later, Portpass has more than 650,000 registered users, according to Hussein.
Users who fear their information may have been compromised should notify the Office of the Privacy Commissioner of Canada. According to IT World Canada, Alberta privacy commissioner’s office is in communication with Portpass as the company investigates the breach.
- The most common Zoom problems and how to fix them
- The 100 best Android apps (December 2021)
- This South Korean smart home hack is one more reason you should secure your home
- The best iPhone apps (December 2021)
- The best VPN services for 2021