Security bug in health app Docket exposed COVID-19 vaccine records

A security bug in the health app Docket exposed the private information of residents vaccinated against COVID-19 in New Jersey and Utah, TechCrunch reports.

Docket is one of several so-called vaccine passports in the U.S., allowing residents to show their vaccination records — or a scannable QR code — for getting into events, restaurants or crossing into countries where vaccines are required.

But for a time, the app allowed anyone access to the QR codes of other vaccinated users — and all the personal and vaccine information encoded within..

TechCrunch discovered the bug on Tuesday and immediately contacted the company. Docket chief executive Michael Perretta said the bug was fixed at the server level a few hours later.