A leaked Covid-19 testing database which contains the personal details of an estimated 1.3 million people has been discovered online by a top security researcher.
The database, operated by Coronalab.eu which is owned by Microbe & Lab, an ISO-certified lab based in Amsterdam, Netherlands, was found without password protection and the documents within were all marked with the name and logo of the database owner.
Jeremiah Fowler, who reported the vulnerability to vpnMentor, attempted to contact CoronaLab with several responsible disclosure notices, but the database remained open until the cloud-hosting provider storing the database secured it from public access after they were made aware of the issue. It is unknown whether the database was directly managed by CoronaLab.