Saturday, April 13, 2024

CoWIN Data Leak – Personal Data of COVID Vaccine Recipients Leaked on Telegram

The information of hundreds of thousands of Indians who received the COVID vaccination was exposed in a significant data breach and posted on a Telegram channel.

The Fourth News, a Malayalam news portal, said that a Telegram bot on the channel “hak4learn” was providing access to the private information of millions of Indians.

As mentioned by the channel operator, you may access documents of the mobile number registered on the CoWin site.

It is also feasible to determine which vaccination was given and where it was given.

The CoWIN vaccination monitoring app from India, which has more than 1 billion registered users, is noteworthy.

“The scale of the data breach is what makes it hard to guess the repercussions,” says Srikanth Lakshmanan, a researcher who runs the digital payments collective Cashless Consumer. 

“Conservative estimates mean at least personal data of several hundred million users was exposed.”

List Of Individuals Whose Data Was Exposed

Several reports claim that sensitive information, including a person’s phone number, gender, ID card details, and date of birth, was exposed on Telegram. By providing a person’s name, a Telegram bot might obtain it.

Local news media have used the bot to gain access to the private data of politicians. The bot stopped functioning on the morning of June 12.

Since the bot was probably merely a shop window for whoever hacked the database, the fact that it has been shut down doesn’t indicate the breach is done, according to Lakshmanan.

“Usually, hackers reveal a slice of data publicly via a bot or web page to prove to the world they have said data and then sell it on the dark web,” Lakshmanan says. 

“While the bot is down now, we don’t know where all the data is being traded.”

The Cowin Portal Of The Health Ministry Is Completely Safe

According to the health ministry, allegations that the CoWIN site has been compromised are “without any basis” and the organization in charge of handling cybersecurity issues, the Computer Emergency Response Team, has been requested to look into the accusations.

The government said that the Co-WIN portal of the health ministry is completely safe, with adequate safeguards for data privacy

“The development team of COWIN has confirmed that there are no public APIs (application programming interface) where data can be pulled without an OTP (one-time password). In addition to the above, there are some APIs which have been shared with third parties such as ICMR (Indian Council of Medical Research) for sharing data,” the ministry said in its statement.

“It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the CoWIN application,” it added.

According to the health ministry, an internal exercise has also been started to assess the CoWIN security procedures that are now in place.

Minister Rajeev Chandrasekhar said, “National Data Governance policy has been finalized that will create a common framework of data storage, access and security standards across all of government.”

Stop Advanced Email Threats That Target Your Business Email – Try AI-Powered Email Security


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles