Leak at Covid testing company made it possible to fake result in CoronaCheck app

Original research was done by Daniel Verlaan[0], who has uncovered data leaks related to COVID testing before[1].<p>In an email to people who had gotten an appointment from this &quot;coronatestnu&quot; company, all the recipients where addressed in CC[2].<p>It seems the required pentesting that is needed with these testing companies wasn&#x27;t done correctly and will be looked at internally[3].<p>[0] <a href="https:&#x2F;&#x2F;twitter.com&#x2F;danielverlaan&#x2F;status&#x2F;1416673022023458816" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;danielverlaan&#x2F;status&#x2F;1416673022023458816</a><p>[1] <a href="https:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;dutch-covid-19-patient-data-sold-on-the-criminal-underground&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;dutch-covid-19-patient-data-so...</a><p>[2] <a href="https:&#x2F;&#x2F;twitter.com&#x2F;danielverlaan&#x2F;status&#x2F;1416700373230923776" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;danielverlaan&#x2F;status&#x2F;1416700373230923776</a><p>[3] <a href="https:&#x2F;&#x2F;twitter.com&#x2F;danielverlaan&#x2F;status&#x2F;1416687638896070656" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;danielverlaan&#x2F;status&#x2F;1416687638896070656</a>