A bug in a medical startup’s website put thousands of COVID-19 test results at risk

Zack Whittaker reports:

A California-based medical startup that provides COVID-19 testing across Los Angeles has pulled down a website it used to allow customers to access their test results after a customer found a vulnerability that allowed access to other people’s personal information.

Total Testing Solutions has 10 COVID-19 testing sites across Los Angeles, and processes “thousands” of COVID-19 tests at workplaces, sports venues and schools each week. When test results are ready, customers get an email with a link to a website to get their results.

But one customer said they found a website vulnerability that allowed them to access other customers’ information by increasing or decreasing a number in the website’s address by a single digit.

Read more on TechCrunch.

About the author: Dissent

Comments are closed.