According to the Público newspaper, the flaw was found on the website of the National Epidemiological Surveillance System (Sinave), created in 2014. On this website, diseases of “mandatory declaration” such as HIV/AIDS, tuberculosis and, recently, cases of Covid-19 are registered.
Observador reports that it was in Sinave that the Portuguese programmer, by chance, found a flaw that allowed anyone who added a few characters to the site's URL to access users' data. The Público newspaper advances that the flaw was corrected, days after the National Cybersecurity Centre was alerted.
To RTP, the director-general of Health, Graça Freitas, says she has no idea how many Portuguese may have been affected, in case third parties discovered the failure and took advantage of the situation.
Graça Freitas intends to reassure the population, stating that the fault was resolved in a short time. However, as the Observer reports, it is not known when the flaw has existed and if someone has used the data, which can be used to sell to advertising companies.