Phone numbers and names of people getting COVID-19 tests were left exposed to on a Karnataka government website for several months. Anyone with a little bit of programming experience could, in theory, get these sensitive details off of the Karnataka COVID War Room website. This mechanism was disabled earlier this week, after a city-based Twitter user and media outlets highlighted the issue. Additionally, MediaNama has learnt that the website will soon have an OTP-based authentication system to address further privacy concerns (more on this further down). The website, launched in August this year, was meant to serve as means for people to access their COVID-19 results easily. People who have undergone a test are given a specimen referral form (SRF) ID. Users have to enter this 13-digit SRF ID, along with a CAPTCHA, and they get the result, along with…
