Thursday, January 23, 2025
HomeCyber Security NewsCoWIN Data Leak - Personal Data of COVID Vaccine Recipients Leaked on...

CoWIN Data Leak – Personal Data of COVID Vaccine Recipients Leaked on Telegram

Published on

SIEM as a Service

Follow Us on Google News

The information of hundreds of thousands of Indians who received the COVID vaccination was exposed in a significant data breach and posted on a Telegram channel.

The Fourth News, a Malayalam news portal, said that a Telegram bot on the channel “hak4learn” was providing access to the private information of millions of Indians.

As mentioned by the channel operator, you may access documents of the mobile number registered on the CoWin site.

It is also feasible to determine which vaccination was given and where it was given.

The CoWIN vaccination monitoring app from India, which has more than 1 billion registered users, is noteworthy.

“The scale of the data breach is what makes it hard to guess the repercussions,” says Srikanth Lakshmanan, a researcher who runs the digital payments collective Cashless Consumer. 

“Conservative estimates mean at least personal data of several hundred million users was exposed.”

List Of Individuals Whose Data Was Exposed

Several reports claim that sensitive information, including a person’s phone number, gender, ID card details, and date of birth, was exposed on Telegram. By providing a person’s name, a Telegram bot might obtain it.

Local news media have used the bot to gain access to the private data of politicians. The bot stopped functioning on the morning of June 12.

Since the bot was probably merely a shop window for whoever hacked the database, the fact that it has been shut down doesn’t indicate the breach is done, according to Lakshmanan.

“Usually, hackers reveal a slice of data publicly via a bot or web page to prove to the world they have said data and then sell it on the dark web,” Lakshmanan says. 

“While the bot is down now, we don’t know where all the data is being traded.”

The Cowin Portal Of The Health Ministry Is Completely Safe

According to the health ministry, allegations that the CoWIN site has been compromised are “without any basis” and the organization in charge of handling cybersecurity issues, the Computer Emergency Response Team, has been requested to look into the accusations.

The government said that the Co-WIN portal of the health ministry is completely safe, with adequate safeguards for data privacy

“The development team of COWIN has confirmed that there are no public APIs (application programming interface) where data can be pulled without an OTP (one-time password). In addition to the above, there are some APIs which have been shared with third parties such as ICMR (Indian Council of Medical Research) for sharing data,” the ministry said in its statement.

“It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the CoWIN application,” it added.

According to the health ministry, an internal exercise has also been started to assess the CoWIN security procedures that are now in place.

Minister Rajeev Chandrasekhar said, “National Data Governance policy has been finalized that will create a common framework of data storage, access and security standards across all of government.”

Stop Advanced Email Threats That Target Your Business Email – Try AI-Powered Email Security

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...