Around 8 million user records were exposed by the COVID-19 surveillance tool.
COVID-19 surveillance tool dubbed Surveillance Platform Uttar Pradesh COVID-19 was compromised on August 1st, leading to a massive data breach. Various vulnerabilities were exploited to compromise the surveillance platform, but the primary reason behind the breach was a severe lack of security.
UP government developed this tool for tracking and tracing COVID-19 patients and cases around India. The tool had a severe lack of security and now has lead to a massive data breach.
Researchers claim that the tool contained many vulnerabilities, all of which were exposing personally identifiable information data. The exposed data includes full names, gender, age, residential address, and contact numbers of everyone who had tested COVID-19 positive in Uttar Pradesh (UP).
Sensitive private data, including full name, phone numbers, addresses, and test results of approximately 8 million citizens, was posted as a data dump. This Web Index also contained information about foreign residents, non-Indians, and healthcare workers, and had no password protection or authentication required.
The data breach has had no impact on the tool developed by UP government, but has put the users in a threat zone. The leaked sensitive and personal data can be used by hackers and threat actors for launching various cyber attacks targeting users.
NPAV recommends users to keep an eye out for the phishing scams and malicious emails that may come their way. Hackers generally spread malware and backdoor through phishing emails. Hackers can also use these information to steal login credentials and other severely sensitive information of the user.
Install NPAV on your devices to keep them protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.