Don’t Share Your Covid Vaccination Certificate

So you’ve had your Covid vaccine and you’re feeling relieved, ready to rumble, and maybe even a little smug. How best to let your friends and family know that you’re out of quarantine? Publish the certificate on Facebook of course! Share it on Instagram. Tweet it! Let the world know you’re coming out!


The vaccination certificate has two QR Codes that make it fairly easy for clever hackers to scan and steal your personal data to forge a health pass.

Information supplied on this piece of paper gives your first and last name, date of birth, date of injection and product injected. Sounds pretty harmless. But there are two other important elements on this document.

The first, on the left of the document, is a ‘datamatrix’, a 2D-DOC code which certifies the authenticity of the proof of vaccination.

This code can be scanned quite simply using a smartphone camera to reveal the information above

The second, to the right of the certificate, is the QR Code, intended for use on the government application TousAntiCovid. This also allows easy access to your personal data and gives hackers the possibility of impersonating you. (For example, somebody with Covid could present your QR Code, enter a venue and pass the virus on.)

Hackers could also use that info in email scams, pretending to be a trusted medical service providing specific information about your vaccination, lulling you into a false sense of security.

From June 9th, the vaccination certificate will be used as a health pass into festivals, stadiums, concerts, theatres etc or even for travel around Europe. According to the government, officials who check the vaccination status will only see a red or green square when they scan for information, indicating ‘état d’un test négatif récent, d’une preuve de rétablissement ou d’un certificat de vaccination’ (recent negative test, proof of recovery or a vaccination certificate,’. so your personal privacy is preserved from the checkers – but not from the hackers.

Enjoy your social media communications, but remember that there are sharks circling in those waters and think twice before you post anything personal, no matter how harmless it may seem.


  1. If you really believe that any of these machines will only show a Red/Green light and not lift off all the personal data then you don’t know much about human psychology and haven’t been paying much attention to the last few decades!
    I’m sorry but that is just the way it is.

  2. So helpful thank you. Of course this would happen thinking about it! Luckily I’m too lazy to post much but will warn friends

Leave a Comment