Two internet users indicated on social networks that they had succeeded in obtaining information on the health pass of Prime Minister Jean Castex, reports the daily Liberation. On Twitter, Mathis Hammel, research and development director of Sogeti, a cybersecurity company, notably boasted of having “legally obtained” the QR code. “I won’t do anything with it, call me if you want a helping hand in cybersecurity,” he added.
The vaccination certificate includes the date of birth of the Prime Minister and the vaccine used, in this case two doses of AstraZeneca.
How did Internet users manage to obtain the certificate legally? The answer can be found in a tweet from developer David Libeau on September 16, in which he reports that a photo, where Jean Castex’s QR code is visible, was taken by a famous photo agency and is circulating on the Internet. “Nice your health pass”, then tweeted the user to the attention of the Prime Minister.
Health pass fraud
According to Liberation, the photo was taken on September 13, during a trip by the head of government to an Ehpad in Clamart (Hauts-de-Seine), on the occasion of the launch of the campaign on the third dose of vaccine . In the photo, we can see in close-up the QR code of Jean Castex which could be scanned by Internet users. The photo would have remained available on the Internet for nearly 48 hours before being withdrawn by the press agency.
“Health passes are leaked in the press every week. This week, I saw that of Jean Castex and I informed their services, but that does not change the problem… ”, commented David Libeau.
Beyond medical secrecy, the disclosure of the Prime Minister’s QR code obviously raises the question of potential fraud. It is possible to integrate the QR codes of people vaccinated into the TousAntiCovid application and to use them since identity control is rarely practiced. Anyone could therefore use Jean Castex’s QR code to go to a public place.
Contacted by us, Matignon did not confirm the information but indicated that if it was the case, the Prime Minister’s services “would take note” of the situation to “avoid any malicious use of the data”.