A bug in a medical startup’s website put thousands of COVID-19 test results at risk
Zack Whittaker reports:
A California-based medical startup that provides COVID-19 testing across Los Angeles has pulled down a website it used to allow customers to access their test results after a customer found a vulnerability that allowed access to other people’s personal information.
Total Testing Solutions has 10 COVID-19 testing sites across Los Angeles, and processes “thousands” of COVID-19 tests at workplaces, sports venues and schools each week. When test results are ready, customers get an email with a link to a website to get their results.
But one customer said they found a website vulnerability that allowed them to access other customers’ information by increasing or decreasing a number in the website’s address by a single digit.
Read more on TechCrunch.
