Government alleges data leak in CoWIN app due to Telegram bot. Find out more about the potential security breach and its implications.
The Government has revealed a significant development: a data breach on the CoWIN portal exposing users’ sensitive information. This alarming incident poses a critical national security concern for Indian citizens. Find out the details disclosed by the Indian Government in this article.
Millions of users impacted by CoWIN data breach
According to widespread claims on social media, a Telegram bot exposed sensitive data when users queried individual phone numbers. The leaked information included names, Aadhaar numbers, PAN numbers, dates of birth, locations, genders, and vaccination institute details. These are the same details users provided during CoWIN app registration.
For those unfamiliar, CoWIN is the Indian government’s web portal for COVID-19 vaccination registration, operated by the Ministry of Health and Family Welfare.
Union Minister of State for Entrepreneurship, Skill Development, Electronics & Technology, Rajeev Chandrasekhar, confirmed this through a tweet. However, he clarified that the bot accessed “previously stolen data” and emphasized that the CoWIN database or app itself was not directly breached. To reassure the public, he stated that a National Data Governance policy with unified storage, access, and security standards has been implemented across all government entities.
With ref to some Alleged Cowin data breaches reported on social media, @IndianCERT has immdtly responded n reviewed this
✅A Telegram Bot was throwing up Cowin app details upon entry of phone numbers
✅The data being accessed by bot from a threat actor database, which seems to…
— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) June 12, 2023
The CoWIN data breach fiasco has prompted the Ministry of Health and Family Welfare to issue a statement. The ministry assures that various security measures, including Web Application Firewalls, Anti-DDOS protocols, and SSL/TLS protocols, are in place to combat external threats. OTP Authentication is required for accessing any data, ensuring enhanced security.
According to the MoHFW, the Co-WIN portal is fortified with security measures such as Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessments, Identity & Access Management, and more.
Despite claims of a breach being seemingly impossible due to the absence of a public API for the CoWIN app, the MoHFH has initiated actions. The Indian Computer Emergency Response Team (CERT-In) will investigate the issue, and an internal security committee will review it.
Any form of data breach raises concerns, especially when it involves billions of individuals. We hope that the damage is minimal and that swift measures are taken to neutralize the threat. We invite you to share your thoughts on this development and the precautions you take to protect yourself from online threats. Leave your comments below.
