CoWIN Data Breach: Everything you need to know

data breach

Yesterday, several media houses reported about CoWIN Data Breach. As per reports, a Telegram bot was selling data of Indian citizens on a Telegram channel. The data includes name, address, DOB, PAN Number, and Aadhar number.

It was claimed that the data of CoWIN was breached. The data also included Passport Numbers of users who added their passport numbers to the CoWIN portal for international travel. You just need the phone number or Aadhaar number for getting the personal details of a person. If you enter the phone number or Aadhaar number, it will disclose the number of the ID card used for vaccination along with other data.

This Telegram bot ‘Truecaller’ was created on June 1 and was being run by an account called ‘hak4learn’. After the news became viral, the bot was deleted on June 12.

Ministry of Health also issued a statement on Twitter. The ministry claimed that all the reports are mischievous in nature. The CoWIN portal is completely safe. It has also requested CERT-In to look into this issue & submit a report.

In the initial report, CERT-In pointed out that Telegram Bot was not directly accessing the APIs of the CoWIN database. But, the question still remains unanswered. If the bot wasn’t accessing CoWIN API, how did it access the data?

Ministry also confirmed that the CoWIN portal only captured the Year of Birth for adult vaccination. Then how could the bot return date of Birth? So, this data can’t be from the CoWIN portal.

It is worth noting that a hacker group named ‘Dark Leak Market’ was selling data of about 15 crore Indians who were registered on the CoWIN portal. Health Ministry denied the claim at that time.

We still have so many questions unanswered.

  • If the CoWIN portal wasn’t breached, who does this data belong to?
  • How did hackers obtain this data?
  • What could be the impact of this data breach?

There is a possibility that the data was obtained in some other data breach and is now being sold as CoWIN data. So, there should be a proper investigation of this matter.

Personal information is with hackers and is being sold. This data can be used in social engineering attacks and phishing attacks to further harm Indian citizens whose data is in this leaked dataset. So, Indian citizens should be careful.

Share this article
Shareable URL
Prev Post

Microsoft introduces Xbox Series S Carbon Black Edition with 1TB storage

Next Post

Xiaomi Pad 6 with 11-inch 2.8K 144Hz display, Snapdragon 870 launched in India starting at Rs. 26999

Leave a Reply
Read next
Subscribe to our newsletter
Get notified of the best deals on our WordPress themes.