A dark web user known as Z1ON is selling admin-level access to a COVID-19 health data portal allegedly belonging to the Government of Burkina Faso.
The dashboard screenshots show:
- Vaccination counts for Pfizer, AstraZeneca, Moderna, Sinopharm, and others
- PCR and TDR test data with results for the past year
- A live backend showing over 1,400 unavailable results
The attacker is offering access for $300 USD.
Admin access could allow data tampering, identity theft, or ransomware injection and a breach like this could undermine public trust in national health platforms.
Recommendation
CyHawk Africa recommends the following:
- Immediate review of COVID platform access logs and credentials
- Public health systems must implement MFA, IP filtering, and audit logging
- Burkina Faso’s CERT should coordinate a takedown and breach notification if validated