Home » Security News » Data of 150 million vaccinated Indian’s up f...

Data of 150 million vaccinated Indian’s up for sale; Health Ministry denies data breach

Deepanker Verma June 11, 2021 Security

Add Techlomedia as a preferred source on Google.

For getting a Covid-19 vaccine shot, you need to first register yourself in the CoWIN portal. This step is mandatory and you need to enter your name, phone number, and photo id proof. The CoWIN portal also asks for a pin code to guide you to the nearest vaccine center.

Now a group of hackers is selling 150 million Indian citizen’s data who got vaccinated. The hacked data include Name, Mobile Number, Aadhaar ID, state and GPS location. They are selling 150 million records for $800. The listing also makes it clear that they are reselling the data. It means someone else hacked and acquired the data.

There’s one thing that also caught my attention. Hackers claim that the data include GPS pin-point location while the app or CoWIN portal doesn’t collect this data. You have to manually enter the pin code to access the list of available Covid vaccine centers around your area.

https://twitter.com/darktracer_int/status/1402966326390394886

After this news broke, the health ministry and security researchers have ruled out any possibility of such a hack. RS Sharma, who heads the CoWIN portal also gave a media statement confirming the data is safe.

“No Co-WIN data is shared with any entity outside the Co-WIN environment. The data is claimed as having been leaked such as geo-location of beneficiaries is not even collected at Co-WIN. The news prima facie appears to be fake,” said RS Sharma. He further confirmed that the Computer Emergency Response Team of MeitY has already asked to investigate the issue as a precautionary measure.

He further stated that many users who claimed to be hackers usually post fake data leaks to scam people. They take Bitcoin payment and disappear. He also gave an example of how the Leak Market listing has listed some fake data breaches on the sidebar. For example, the market also lists leak documents of SBI YONO but the platform was actually never hacked.

Check the sidebar in the above snapshot. This site even lists MobiKwik Leaked Data but hackers, who actually hacked the MobiKwik data, deleted it. Similarly, I never heard about Tata Communications and Upstox leaked. So, this listing is most probably fake one.

Follow Techlomedia on Google News to stay updated.

Affiliate Disclosure:

This article may contain affiliate links. We may earn a commission on purchases made through these links at no extra cost to you.

About the Author: Deepanker Verma

Deepanker Verma is the Founder and Editor-in-Chief of TechloMedia. He holds Engineering degree in Computer Science and has over 15 years of experience in the technology sector. Deepanker bridges the gap between complex engineering and consumer electronics. He is also a a known Security Researcher acknowledged by global giants including Apple, Microsoft, and eBay. He uses his technical background to rigorously test gadgets, focusing on performance, security, and long-term value.