Millions of leaked Covid antigen results exposed on the internet

October 7, 2022

An Elasticsearch server owned by an Indian healthcare software provider is leaking Covid antigen test results online. The exposed test results belong to Indian nationals and foreign nationals who visited, or travelled from, India since 2020.

The researchers noted that the tests were carried out with a rapid antigen kit. The kit used is approved by the Indian Council of Medical Research and is also an approved self-testing kit for the Covid-19 virus.

The leak was confirmed by an independent researcher who shared their discovery in a public forum. The worst part of this incident is that the server is currently exposing the data to the public without any authentication or password.

 

The leaked Covid antigen test results have made their way to the public because of poorly configured databases.

 

According to the independent researcher, there were misconfigured databases indexed on Shodan and a server exposing over 20 gigabytes of data to public access. The server is owned by a company in Haryana, India, but it is still uncertain whether it is safe to reveal the name of the company responsible for the leak.

The analysis revealed that the exposed records were Covid-19 antigen test results covering approximately 1.7 million individuals. The test results contained essential details such as full names, dates of birth, nationality, gender, addresses, and phone numbers.

Other data also included voter’s ID, Covid-19 test results, passport numbers, medical conditions, vaccine information, and Aadhaar numbers.

It is still unclear if a third-party entity accessed the database. Threat groups with malicious motives may have laid their hands on the exposed data. Experts claimed there could be devastating consequences for the affected victims and the responsible firm if a ransomware group got a hold of the disclosed information.

The incident could also have future implications: given its extent and nature, the leaked data could be used by anyone for phishing scams or identity theft.

Lastly, ransomware actors could hold the affected company’s data for ransom and expose these troves of data on a hacker forum.
