Yet another human-related error — this time a flaw in a health department website in the state of Bengal, India — has exposed the confidential results of COVID-19 tests as well as personally identifying information (PII) for an entire geographic region’s population.
Test results related to more than 8 million people were potentially exposed before the agency fixed the error, according to a security researcher.
Sourajeet Majumder, a teenaged ethical hacker in India, noticed a flaw in the structure of a URL in a text message informing someone of their test result from Bengal health authorities. The URL included a pathway for finding other people’s test results, according to a report in BleepingComputer. The error was eventually traced back to a faulty endpoint at the Health and Family Welfare Department of the state of West Bengal, according to the report.