NEW DELHI: A cyber security researcher has claimed that a security flaw in a portal run by the West Bengal government has allegedly leaked lab results data of millions of people who went for coronavirus testing, the media reported on Thursday.
Security researcher Sourajeet Majumder told TechCrunch that the website is part of the West Bengal government's mass coronavirus testing programme. Once a COVID-19 test result is ready, the government sends a text message to the patient, with a link to its website containing their test results. The leaked test lab results contain the patient's name, sex, age, postal address, lab test results (positive, negative on inconclusive). A hacker can access the data and exploit innocent users, warned the cyber security researcher. "This is a privacy violation if somebody else gets access to my private information," Majumder was quoted as saying in the report. The state government was yet to react to the claim by the cyber security researcher. Majumder reported the vulnerability to the Indian Computer Emergency Response Team (CERT-in), which acknowledged the problem.
The website managing team, however, did not respond to Majumder's email. The website went offline thereafter and by that time, the state government had tested more than 8.5 million residents for COVID-19.
It's still not known how many COVID lab results were exposed because of this security vulnerability. According to the report, the website bug "meant that anyone could change that number in their browser's address bar and view other patients' test results". (IANS)