China Covid-19 health app breach puts celebrity photos online for pennies
- Hackers have uncovered a trove of personal information in Beijing’s digital health system used to track testing for the disease
- Eager online marketplace is trading in pictures, ID numbers and other data
Digital health codes have been instrumental in containing the Covid-19 pandemic in China. The codes, which assign users a red, yellow or green health ranking, are the difference between government quarantine, self-isolation and freedom.
This was highlighted by a recent data leak in Beijing. On Monday, Hongxing News, a digital subsidiary of Chengdu Economic Daily, reported that the city’s health code app was easily hackable. The outlet reported that users of the app could access other’s Covid-19 testing records – just by entering their full name and government 18-digit ID number.
In China, the sale of ID numbers is a well-known clandestine underground trade and police have cracked numerous syndicates over the years.
According to Hongxing, hackers are doing a brisk trade in the spoils of this simple trick. In one online chat group, a hacker offered to sell more than 1,000 personal government ID numbers – used in China for everything from buying plane tickets to renting homes – for just one yuan (US 15 cents).
Hackers were able to acquire users’ photos – used for facial verification – as well as their most recent Covid-19 test, and details of any future test appointments they may have booked.
Thousands of photos of celebrities and artists – generally innocuous and hastily-snapped selfies – started appearing for sale in online chat groups, with one particularly popular post offering to sell the “health code photos” of all seven members of Chinese pop group Teens in Times.
They are sold in group chats to enthusiasts of a phenomenon known as “proxy photography” – an online community in which participants compete for the best celebrity pictures, and the details needed to capture them – including leaked travel plans and plane reservations.