Leak at Covid testing company made it possible to fake results in CoronaCheck app
Due to a major leak at the coronavirus testing company Testcoronanu, it was possible for anyone to create their own Covid vaccination or test certificate, RTL Nieuws reported on Sunday. Additionally, private details from about 60 thousand people who took a coronavirus test at this company had been leaked. The company is affiliated with the testing for travel initiative from the government.
The leak made it possible for anyone to easily add a fake negative coronavirus test result or proof of vaccination by adding two code lines. In the database, it was possible to personally enter which kind of test was absolved and what the result was. Afterward, you would automatically receive a travel certificate from Testcoronanu. The site has since been shut down by the Ministry of Health.
Not only was it possible to add test and vaccination certificates, but users could also alter the data of others.
“Anyone with an internet connection could simply adjust data in a corona database. You start to wonder: who else has abused this?”, director of the cybersecurity company ESET Netherlands, Dave Maasland said.
The leak put in question the reliability of the CoronaCheck app. “Any form of reliability is completely gone”, professor of microbiology at the UMC Groningen, Bert Niesters, said. “It is completely irresponsible to use this app for events where it is not possible to keep one and a half meters distance.”
The leak also revealed personal information, such as the full names, addresses, phone numbers, social security numbers, passport numbers and medical information from over 60 thousand people. This highly sensitive information can easily be misused by cybercriminals.
All locations from Testcoronanu have been closed. People who had an appointment to get tested will have to make an appointment with a different provider. The Ministry of Health said they will now investigate how Testcoronanu was accepted as a reliable partner, despite the gaping hole in their data security.
“In addition to closing the leak by the provider, we immediately focused on finding a solution for travelers whose test cannot take place now”, a spokesperson for the Ministry of Health said.