A web developer has found a security hole in the Austria-tested portal. Instead of thanks, he was fired.

It sounds a bit like a bad daily soap. A web developer has found a security hole on the Austria-tested portal. Österreich-tests is a platform run by the Ministry of Health.
So far so good. This is n't the first time this has happened, but this case has a little crazy story in its hand luggage. The data protection NGO epicenter.works uncovered this story together with ORF. It's about the web developer Gökhan S., who completed a programming job for a pharmacy. This pharmacy was connected to the Austria-tests platform. During this assignment, he came across the platform's security flaw. This gap was that every pharmacy could access the participants’ data via the platform. These data sets consist of names, addresses, social security numbers, telephone numbers, but also email addresses and the Corona test results. Basically all people who have registered for a Corona test via the Austria tests platform in the past few days are affected.

Security vulnerability: No thanks, but...

The web developer documented this vulnerability and contacted the Ministry of Health.
According to media reports, the ministry initially ignored it. At the same time, Gökhan S. also contacted ORF. According to its own information, the ORF then discovered this security gap in joint research together with the data protection NGO epicenter.works. Basically everything so far, so good. But the really crazy thing comes now.
In a statement to the ORF, the Ministry of Health does not speak of a security gap, but states that it would simply be an illegal use of the internal documentation systems of individual pharmacies. At the same time, the ministry also stated in the same reaction that the security gap had been closed. So, what do you usually do with people who discover a security gap and report it quite well? Right, at least they thank you. But here the opposite was the case. The Ministry of Health terminated its collaboration with the pharmacy, and the pharmacy in turn terminated its employment relationship with the web developer. You can also hang the messenger this way. epicenter.works website .

That can also be of interest

Restriction of basic rights: No, we are not in 1933! Changes in the law restrict fundamental rights, but this cannot be compared with the Enabling Act of 1933! Continue reading …

Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )