Health Website Leaks 8 Million COVID-19 Test Results
In India, a teenaged ethical hacker named Sourajeet Majumder uncovered a flawed endpoint associated with a health department in the state of Bengal that exposed eight million Covid-19 test results and personally identifiable information. The data leak, likely a human-related error, has exposed confidential health information for an entire geographic region’s population. The agency has since fixed the error, however, it is unclear whether malicious actors accessed the information before the shutdown.
Majumder noticed a flaw in the structure of a URL test informing someone of their test result from the health authorities in Bengal. He then realized that the message included a pathway through which other people’s test results could be viewed. The error was eventually traced back to human error in a misconfigured endpoint at the healthcare facility, the Heath and Family Welfare Department of the state of West Bengal.