Indonesia Covid-19 app failure exposes data of 1 million people

Jakarta, Aug 31 (EFE).- A failure in the system of the former Covid-19 prevention application of the Indonesian government has exposed the personal data of 1.3 million people, security company VPNMentor reported Tuesday.

The company said on its website that the Health Alert Card application, which on Jul. 15 discovered the security flaw, not only exposed users but also left “the entire infrastructure around [the card] open on a server, including private hospital registries and Indonesian officials using the app.”

The leaked data includes the name and identification numbers of passengers who arrived in Indonesia by plane and were tested for Covid-19, test results and other medical data, their accommodation and the data of the hospital where they came.

The application was designed for travelers arriving in Indonesia to download it and include their personal and medical data, including mandatory Covid-19 tests upon arrival.

“Our team discovered the [card] records without any hindrance, due to the lack of protocols installed by the creators of the application,” said the company, which told the government about the incident on Jul. 25.

Anas Maruf, director of the Health Ministry Data and Information Center, spoke Tuesday at a press conference about the existence of the problem, which he attributed to the old deactivated application, with all its functions included in another app.

Security flaws in websites and computer applications are frequent in Indonesia. In May, police data of 279 million Indonesians (out of a population of 270 million, including data on the deceased) was put up for sale in hacker forum Raidforum, blocked by the country’s government.

The forum announced the possibility of changing the information in the police database and even withdrawing access from authorities. EFE

sh-esj/lds