Another security vulnerability at a corona rapid test provider

display

Berlin / Dortmund (dpa) - A security gap in the software of a Corona rapid test provider allowed unauthorized persons to access test results and other sensitive data again.

The vulnerability was discovered by the hacker collective «Zerforschung».

According to the IT experts, the affected provider Eventus Media International (EMI) from Dortmund has now closed the gap.

The ARD broadcasters rbb, NDR and MDR first reported on the incident.

According to “Zerforschung”, at least 17,000 registrations for test dates could be viewed nationwide via the gap.

In addition, the data from around 7000 test results were unprotected online, including the address data of EMI customers.

The company apologized for the mistake and announced on that it would write to the affected customers individually in the next few days and inform them of the incident.

A member of the group had himself tested for Corona at EMI and, in this context, examined the system for querying his own test results.

It turned out that the website was technically based on an inadequately secured variant of the WordPress open source system.

After the hackers informed the Federal Office for Information Security (BSI), the Dortmund company closed the security gap at short notice.

display

In mid-March, a security gap was discovered at the company 21DX and its service provider Medicus Ai, via which data from around 130,000 people affected could be accessed.

© dpa-infocom, dpa: 210409-99-137114 / 3

Report of the IT collective "Zerforschung"

Report rbb