minute read
Share this article:
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.
Yet another human-related error this time a flaw in a health department website in the state of Bengal, India has exposed the confidential results of COVID-19 tests as well as personally identifying information (PII) for an entire geographic region’s population.
Test results related to more than 8 million people potentially were exposed before the agency fixed the error, according to a security researcher.
Sourajeet Majumder, a teenaged ethical hacker in India, noticed a flaw in the structure of a URL in a text informing someone of their test result from Bengal health authorities. It included a pathway for finding other people’s test results, according to a report in BleepingComputer. The error was eventually traced back to a faulty