A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, India. The flaw exposed confidential results of COVID-19 tests as well as personally identifying information (PII) for an entire geographic region s population. Test results related to more than 8 million people potentially were exposed before the agency fixed the error, according to a security researcher. The error was eventually traced back to a faulty endpoint at the Health and Family Welfare Department of West Bengal.
Source: https://threatpost.com/health-website-leaks-covid-19-test/164274/