The government of West Bengal an Indian state govt website exposed the test result of millions of people who took Covid-19 test.
The website is part of govt mass testing program and the system works like this. They will send the sms to patient with the url to see their test results which contained the base64 encoded unique autoincremented number which is unique for every test which can be guessed by anyone. Anyone with basic knowledge about base64 encoding can change that parameters and can see all the test result listed on website which supposed to be visible to only patient.
The result contain name, age, gender, address and test result negative/positive.
Govt has taken site offline since end of February and currently it’s offline.