The app was established in 2021 by the Indonesian Ministry of Health.

Data Breach Summary

What is eHAC?

It's a mandatory requirement for any traveler entering Indonesia from overseas, both Indonesian citizens and foreigners.

Report: Indonesian Government’s Covid-19 App Accidentally Exposes Over 1 Million People in Massive Data Leak

It's also required for domestic flights within Indonesia.

But rare are these times.

Instead, we often need days of investigation before we understand what's at stake or who's leaking the data.


A record revealing passenger name, date of test, result, and more

Understanding a breach and its potential impact takes careful attention and time.

We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Some affected parties deny the facts, disregarding our research or playing down its impact.


So, we need to be thorough and make sure everything we find is correct and accurate.

By early August, we had not received a reply from any of the concerned parties.

We contacted them on August 22nd and they replied on the same day.


Two days later, on August 24, the server was taken down.

Most countries have a similar agency to address localized data leaks and hacks.

These records didn't just expose the users.


The following is a breakdown of the various types of data exposed.

We estimate over 1.3 million people have been exposed in this data leak.

Skilled hackers could even use it as a launchpad to infiltrate and attack the highest levels of Indonesia's government.


The result is further pain, suffering, and potential loss of life for the people of Indonesia.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

Our researchers use large-scale web scanners to search for unsecured data stores containing information that shouldn't be exposed.


They then examine each data store for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted.

eHAC was using an Elasticsearch database, which is ordinarily not designed for URL use.


As ethical hackers, we're obliged to inform a company when we discover flaws in its online security.

The purpose of this web mapping project is to help make the internet safer for all users.

We never sell, store, or expose any information we encounter during our security research.


Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.

This has included exposing the growing popularity of cybercrime groups on Telegram.

We also revealed how a data leak by the biggest US baby apparel chain had compromised 100,000s of customers' data.


You may also want to read our VPN Leak Report and Data Privacy Stats Report.
