A massive data breach of the CoWIN portal, the central platform for COVID-19 vaccination registration in India, has put the personal data of Indian citizens at risk.
The alleged CoWIN data breach has put the personal information of every Indian citizen who is registered with the CoWIN portal available on messaging app Telegram. According to the official portal, CoWIN boasts a user base of over one billion registered users.
Political leaders and privacy watchers have started sharing the screenshots of the apparent leaked data.
According to regional political leader Saket Gokhale, when a mobile number registered with the CoWIN portal is entered into a Telegram bot, it discloses the number of the ID card used for vaccination, along with details such as gender, year of birth, and the name of the vaccination center where the individual received their doses.
Moreover, this data leak has also exposed the Aadhaar card, Voter ID, and PAN Card numbers of thousands of Indian citizens, rendering them accessible to anyone on Telegram.
Aadhaar is a 12-digit unique identity number issued to the citizens of India and resident foreign nationals, based on their biometric and demographic data.
The Cyber Express team has reached out to the Ministry of Health and Family Welfare to confirm the CoWIN data breach. However, at the time of writing, no official response had been received.
CoWIN Data Breach: Personal information exposes via Telegram bot
The CoWIN data breach doesn’t stop here. Various news reports have confirmed that if multiple individuals had registered from the same mobile number, the Telegram bot would reveal the details of all individuals in one go.
This means that if a family had booked vaccine slots for multiple members using the same mobile number, their personal information would be exposed collectively.
Personal identification information of several top political leaders including India’s Former Union Minister P. Chidambaram, Secretary of the Union Health Ministry, Rajesh Bhushan and his wife, Ritu Khanduri Bhushan who is a Member of the Legislative Assembly from Uttarakhand, Central opposition leaders Jairam Ramesh and K.C. Venugopal, have been exposed.
While the CoWIN portal supposedly had a One Time Password (OTP) security system, it remains unclear how this data leak occurred on Telegram.
Earlier, a report in 2022 had claimed that an Iranian hacker had gained access to sensitive data from the CoWIN platform and was attempting to sell it on the dark web. However, an ethical hacker, Sunny Nehra, doubted these claims’ genuineness.
Nehra, the founder of the computer security service Secure Your Hacks, analyzed the data the purported Iranian hacker provided and found discrepancies.
The hacker claimed to possess admin access to the CoWIN platform and wanted to sell it on the dark web, along with sensitive data of healthcare workers.
However, The Times of India reported that Nehra only questioned why the hacker only had data from 5,000 users if they had admin access to the CoWIN platform.
Furthermore, Nehra pointed out that the COVID-19 screenshot shared by the hacker appeared from an outdated and broken page of the Andhra COVID-19 website.
The information provided in that demo section of CoWIN pertained to users from specific regions in Karnataka. This suggests the screenshot might be from a local database or a localized breach rather than the main CoWIN website.
Nehra also highlighted that the threat actor behind this incident seemed to be a relatively new player with a limited reputation in the hacking community. He even conversed with the hacker and discovered that the individual was impersonating a well-known hacker.
The CoWIN hacking incident and the need for better security measures
The CoWIN hacking and data breach incidents put sensitive data at risk. The authorities must investigate this breach thoroughly, identify the vulnerabilities in the system, and take immediate steps to strengthen the security infrastructure to prevent such incidents in the future.
The privacy and personal information of Indian citizens must be safeguarded, and trust in the CoWIN platform must be restored.
The CoWIN data breach incident has raised concerns over the portal’s security and the rise of hackers targeting Indian government and institutions.
The accessibility of Aadhaar cards, Voter IDs, and PAN Card numbers on Telegram is a grave matter that demands urgent attention.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
