Following the report last month, that multiple Indian government websites were leaking COVID-19 test reports, Sourajeet Majumder has discovered another website exposing millions more. The security researcher shared his findings last week: “I have found an issue in an Indian Government site which is resulting in the leakage of test reports of EVERYONE who took a COVID-19 test in a particular state. These reports have sensitive information about the citizens in them like name, age, date and time of sample testing, residence address, etc.”
The state referred to is the Indian state of West Bengal, where the number of publicly accessible reports leaked online was way over 8 million. Majumder attempted to make contact with the relevant parties. While no response was received, the issues have been remediated and the URL endpoints that were previously leaking the patient reports now come up as a 404 message.