The private key used to sign the vaccine passports was leaked and is being passed around to create fake passes for the likes of Mickey Mouse and Adolf Hitler.
As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports.
Two days earlier, on Tuesday, several people reported that they’d found a QR code online that turned out to be a digital Covid certificate with the name “Adolf Hitler” written on it, along with a date of birth listed as Jan. 1, 1900.
On Wednesday, the Italian news agency ANSA reported that several underground vendors were selling passes signed with the stolen key on the Dark Web, and that the EU had called “several high-level meetings” to investigate whether the theft was an isolated incident.
The private key used to verify Hitler’s pass was reportedly revoked as of Wednesday, but there were multiple reports of working certificates still being sold online. Threatpost confirmed this on Thursday morning by using the official Verifica