Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

This vaccine passport app data breach is a cautionary tale

By
Add as a preferred source on Google

A security blunder by proof-of-vaccination app Portpass provides a reminder that third-party apps may not protect your privacy and security. According to CBC News, Portpass exposed potentially hundreds of thousands of users’ personal information on its unsecured website.

After receiving a tip that the user profiles on the app’s website were accessible by members of the public, CBC verified the claim. While on the website, CBC was able to see users’ personal information, email addresses, blood types, birthdays, phone numbers, and photo identification, including driver’s licenses and passports.

Recommended Videos

This came after the company’s CEO, Zakir Hussein, denied that the app had security issues and “accused those who raised concerns about it of breaking the law.”

CBC gave Hussein and his company time to fix the lapse before publishing its article. The following morning when Hussein addressed the issue, he claimed that the breach only lasted for a few minutes, despite CBC reviewing the personal information for more than an hour —  after someone tipped them off. In light of this, it’s unclear how long the information was exposed.

Security problems expert saw coming

When CBC interviewed cybersecurity analyst Ritesh Kotah about the Portpass security problems, he shed some light on the issue.

“These were exactly the privacy and security concerns I’ve previously raised when it comes to third-party apps. You’ve gotta ask yourself, ‘Where’s the data housed? Who has access to it? Is it encrypted?’” Kotak said. He also addressed the risks to users whose information was exposed: “It opens them up to fraud, identity theft, and a whole other world of potential issues.”

But people do have to prove their vaccination status sometimes, and since there is no official proof-of-vaccination app for Alberta, Canada, residents, they get funneled toward third-party apps. More than 200,000 Canadians preregistered for Portpass by mid-June. Three months later, Portpass has more than 650,000 registered users, according to Hussein.

The Calgary Sports and Entertainment Corporation recommended Portpass to ticket-holders for games at Scotiabank Saddledome and McMahon Stadium. The recommendation has been removed, but in a Reddit post dated five days before CBC learned of the breach, one user warned against downloading the app. They pointed out that Portpass’ privacy policy didn’t guarantee adherence to Alberta’s Health Information Act or other federal legislation, stating only that they use the “highest security.” The user concluded: “Using this service and trusting them to properly protect your personal health care information would be a huge mistake.”

What now?

Users who fear their information may have been compromised should notify the Office of the Privacy Commissioner of Canada. According to IT World Canada, Alberta privacy commissioner’s office is in communication with Portpass as the company investigates the breach.

Sandra Stafford
Sandra Stafford
Former Mobile Writer
Sandra Stafford is a Mobile team writer. She has three years of experience writing about consumer technology. She writes…
Topics
Google’s new desktop mode makes one thing clear: Samsung DeX was onto something
Android 16 finally brings a real desktop mode to Pixel phones, but Google’s long-awaited move mostly proves Samsung spent years getting the hard parts right
File, Webpage, Person

I’ve been waiting for Android to take desktop mode seriously for years. Back in 2019, I bought a OnePlus 7 Pro and wasted an embarrassing amount of time trying to brute-force its half-baked desktop mode into something useful.

The idea made perfect sense to me even then. Phones were already absurdly powerful, and the thought of carrying one real computer in my pocket felt less like science fiction and more like delayed common sense.

Read more
The MacBook Neo made me realize Apple still doesn’t know how to do a truly great cheap iPhone
MacBook Neo gave me an iPhone 17e epiphany
iPhone 17e rear camera.

Apple’s main business still revolves around the iPhone, with roughly half of the revenue being brought in by these devices. But this is why it feels so strange that the company managed to build a better entry-level Apple laptop than an entry-level iPhone.

The MacBook Neo starts at $599 in the US, with buyers getting a full aluminum build, a 13-inch hi-res Liquid Retina display, Apple silicon, and all-day battery life. Apple is clear about what it has built. This isn't a Pro machine with the powerful M series processors. But despite the various cutbacks in hardware, it still feels like a complete product.

Read more
You can’t buy the Galaxy Z TriFold anymore: It’s officially sold out
With a 10-inch display and a lifespan shorter than most gym memberships, the TriFold is already the stuff of tech legend.
Samsung Galaxy TriFold folding, TriFold Phone

Samsung has quietly updated the Galaxy Z TriFold’s product page with a message: the company’s first tri-folding phone is now completely sold out with no restock in sight. If you were hoping to get one sometime in the future, perhaps when the phone goes on sale, it’s time to let go. 

“The limited-run Galaxy Z TriFold is now completely sold out,” an updated message on the Galaxy Z TriFold’s landing page says. The message also asks people to keep visiting Samsung’s website for “one-of-a-kind innovations” and shop for other foldables or mobile devices. 

Read more