Technology
CoWIN Data Breach: Here's What We Know So Far
CoWIN app on phone.
A major data breach has recently come to light, raising concerns among Indian citizens who had provided their personal information on the CoWIN vaccination portal. The breach is said to have impacted not only ordinary individuals but also prominent political figures.
The leaked data, allegedly accessible to any user, has reportedly made its way onto the popular messaging platform Telegram.
According to a report, the breach has exposed sensitive details, including Aadhaar card and PAN card information, belonging to Indian citizens.
Users on Telegram can simply enter a mobile number registered with the CoWIN portal, and a Telegram bot will reveal the corresponding ID card used for vaccination, along with the individual's gender, birth year, name of the vaccination center, and the number of doses received.
The government has initiated an investigation into the matter.
Rajeev Chandrasekhar, the Minister of Electronics and Information Technology, has confirmed that a Telegram bot was able to access Cowin app details by simply entering phone numbers.
However, Chandrasekhar clarified that the breach did not occur directly within the Cowin app or its database. Instead, it appears that the data accessed by the bot originated from a separate threat actor database, potentially comprising previously breached or stolen data.
To address such cybersecurity concerns in the future, Chandrasekhar announced the finalization of the National Data Governance policy. This policy aims to establish a unified framework for data storage, access, and security standards across all government entities.
Meanwhile, the development team of COWIN has responded to the data breach incident. They have clarified that there are no public APIs available that allow data to be pulled without the requirement of an OTP (One-Time Password).
Additionally, certain APIs have been shared with third parties, such as the Indian Council of Medical Research (ICMR), for the purpose of data sharing. It has been reported that one of these APIs includes a feature that enables data sharing based on the mobile number or Aadhaar card.
However, the government has assured that even this particular API is highly specific and only accepts requests from trusted and whitelisted sources authorized by the Co-WIN application.
Support Swarajya's 50 Ground Reports Project & Sponsor A Story
Every general election Swarajya does a 50 ground reports project.
Aimed only at serious readers and those who appreciate the nuances of political undercurrents, the project provides a sense of India's electoral landscape. As you know, these reports are produced after considerable investment of travel, time and effort on the ground.
This time too we've kicked off the project in style and have covered over 30 constituencies already. If you're someone who appreciates such work and have enjoyed our coverage please consider sponsoring a ground report for just Rs 2999 to Rs 19,999 - it goes a long way in helping us produce more quality reportage.
You can also back this project by becoming a subscriber for as little as Rs 999 - so do click on this links and choose a plan that suits you and back us.
Click below to contribute.
Latest
