The COVID-19 surveillance tool built by the Uttar Pradesh state government has put data of approx. 8 million Indian citizens at risk.
A research report from VPNmentor revealed that a COVID-19 surveillance tool dubbed Surveillance Platform Uttar Pradesh COVID-19 was compromised on August 1st, leading to a massive data breach.
According to researchers, various vulnerabilities were exploited to compromise the surveillance platform, but the primary reason behind the breach was a severe lack of security.
See: Chinese COVID-19 detection firm hacked; source code sold on dark web
VPNnentor researchers noted that the regional government of Uttar Pradesh developed the tool as part of a large-scale mapping project. Its primary purpose was to track and trace coronavirus patients across India, and the lack of “data security protocols inadvertently left access to the platform-wide open,” exposing the data of millions in India.
Researchers claim that the tool contained many vulnerabilities, all of which were exposing personally identifiable information data. The exposed data includes full names, gender, age, residential address, and contact numbers of everyone who had tested COVID-19 positive in Uttar Pradesh (UP), one of the country’s largest states, and other parts of India.
The data was secured a month after VPNmentor’s team discovered it. According to VPNMentor’s analyst Ran Locar and Noam Rotem, the first vulnerability was identified in an unsecured and unencrypted git repository containing a “data dump” of login credentials, which included admin accounts usernames and passwords stored on the platform.
india covid surveillance exposed millions
