Skip to main content

Indian govt website leaked Covid lab test results

The government of West Bengal an Indian state govt website exposed the test result of millions of people who took Covid-19 test.

The website is part of govt mass testing program and the system works like this. They will send the sms to patient with the url to see their test results which contained the base64 encoded unique autoincremented number which is unique for every test which can be guessed by anyone. Anyone with basic knowledge about base64 encoding can change that parameters and can see all the test result listed on website which supposed to be visible to only patient.

The result contain name, age, gender, address and test result negative/positive.

Govt has taken site offline since end of February and currently it’s offline.

Popular posts from this blog

Signal Introduces Usernames for Encrypted Messaging: A Secure Way to Connect

Signal, the encrypted messaging service, is launching a new feature in the coming weeks: support for usernames. This beta feature allows users to establish unique usernames, enabling connections without divulging phone numbers. source: Signal Blog To create a username, navigate to your settings and select "Profile." Once you've chosen a unique username, generate a QR code or link to share with others. Recipients can connect by entering your username into the chat bar. Usernames can be changed at any time, though previous usernames may be claimed by others. Signal began testing usernames last fall. Unlike social media platforms, Signal usernames do not serve as logins or public handles. They offer a discreet means of communication without revealing personal phone numbers. While a phone number is required to register for Signal, sharing it is optional. Usernames remain private and do not appear on profiles or in chats unless shared explicitly. As Randall Sarafa, Signal'

AT&T Resets Millions of Customer Passcodes After Data Leak: What You Need to Know

AT&T recently confirmed a significant data breach affecting over 7.6 million current customers and 65 million former customers. The leaked information, which dates back to 2019 or earlier, includes personal details like names, addresses, phone numbers, and social security numbers. Fortunately, financial information and call history were not compromised. In response to the breach, AT&T has reset passcodes for affected customers. Passcodes, usually four-digit numbers, serve as an additional layer of security when accessing accounts. However, security experts warn that the encrypted passcodes leaked alongside customer information could be easily deciphered, posing a risk of unauthorized account access. Affected customers are advised to set up free fraud alerts with major credit bureaus and remain vigilant for any suspicious activity related to their accounts. AT&T is proactively reaching out to impacted customers via email or letter to inform them about the breach and the meas

Apple sues former iOS engineer for allegedly leaking confidential product details

Apple has taken legal action against a former employee, Andrew Aude, for allegedly leaking confidential information to journalists and employees of other companies. The lawsuit, filed in California state court, accuses Aude of divulging undisclosed details about Apple's Journal app, the development of the VisionOS headset, regulatory compliance strategies, employee headcounts, and other product hardware characteristics. According to the lawsuit, Aude reportedly communicated extensively with a Wall Street Journal journalist, referred to as "Homeboy," over 1,400 times using an encrypted messaging app between June and September 2023. He also shared a final feature list for an unannounced Apple product with "Homeboy" over the phone and exchanged over 10,000 text messages with another journalist at The Information, even traveling across the continent to meet her. Apple alleges that Aude leaked a list of finalized features for Apple's Journal app in a phone call w