2.7 million calls to Sweden's public healthcare hotline open to the public

scottalanmiller

Posted byu/efxhoy on Reddit

Today it was published that Sweden's public healthcare hotline 1177 (www.1177.se), where people can call in and get medical advice, has had a major breach of recorded calls. 2.7 million calls were available to download for anyone with the IP-address of the storage server run by subcontractor Medicall in Thailand. I haven't been able to find a link in English yet as the story broke today but here is the Swedish source, Google Translate works fairly well:

https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet

This is absolutely incredible. These are recordings of people giving their social security number, name and lists of their symptoms. All completely open to anyone with the IP. 170 000 hours of calls. They even ran the damn thing at

http://188.92.248.19:443/medicall/

Yes you're seeing it right. That's http:// and :433 in the same URL.

travisdh1

@scottalanmiller So much fail.

DustinB3403

Or win, depending on who you are.

Also it looks as though that website is now offline. At least for the moment.

StuartJordan

@scottalanmiller said in 2.7 million calls to Sweden's public healthcare hotline open to the public:

Posted byu/efxhoy on Reddit

Today it was published that Sweden's public healthcare hotline 1177 (www.1177.se), where people can call in and get medical advice, has had a major breach of recorded calls. 2.7 million calls were available to download for anyone with the IP-address of the storage server run by subcontractor Medicall in Thailand. I haven't been able to find a link in English yet as the story broke today but here is the Swedish source, Google Translate works fairly well:

https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet

This is absolutely incredible. These are recordings of people giving their social security number, name and lists of their symptoms. All completely open to anyone with the IP. 170 000 hours of calls. They even ran the damn thing at

http://188.92.248.19:443/medicall/

Yes you're seeing it right. That's http:// and :433 in the same URL.

at least they tried to use a secure port hahaha....epic fail..

dave_c

Another day, another security breach/problem.
Note to myself: Am I getting used to that?