The Hindu
Bindu Shajan Perappadan

CoWIN breach didn’t have access to entire portal nor the backend database, says report

The Covid Vaccine Intelligence Network (CoWIN) data breach “didn’t have access to the entire portal nor the backend database,” concluded an analysis done by CloudSEK, a contextual AI company that works in cyber security.

It added, however, that the real source of the Telegram bot is unknown. Version 1 of the bot only displayed personal information based on a phone number, while version 2 claimed to be a Truecaller bot that also contained personal information of individuals.

“The bot is currently down and might come up later as mentioned by the admin of the channel,” said the report.


The analysis further explained that, based on matching fields in the Telegram data and previously reported incidents affecting health workers of a region, it assumes the information was scraped through these compromised credentials.

“The claims need to be verified individually,” it said. 

The report further notes that CloudSEK’s contextual application programming interface digital risk platform XVigil discovered a threat actor advertising a Telegram bot that offered personally identifiable information (PII) of Indian citizens who had allegedly registered for vaccines through the CoWIN Portal.

It added that based on an Instagram post made in 2022, an account likely associated with the threat actor offered various scripts exploiting UPI payment gateways such as SBI, PayTM, Google Pay etc. 

Speaking about the recent alleged leaks, it said that numerous healthcare worker credentials for the CoWIN portal are accessible on the dark web. However, this issue primarily stems from the inadequate endpoint security measures implemented for healthcare workers, rather than any inherent weaknesses in CoWIN’s infrastructure security.

Citing an example, it noted that on March 13, 2022, a threat actor on a Russian cybercrime forum advertised compromised access to the CoWIN Portal of the Tamil Nadu region and claimed to have compromised the CoWIN database.

“Upon analysis, we discovered the breach was that of a health worker and not really on the infrastructure. The content displayed on the screenshot matches with the Telegram bot mentioned in the media which includes — name of individual, mobile number, identity proof, identification number and number of dose completed,” it said.

The company further said that the Covid data bot was offered by a channel that frequently shared hacking tutorials, resources, and bots for individuals to access and buy.

Initially, the bot was available for everyone to use, but it was later upgraded to be exclusive to subscribers. “The upgraded version of the bot provided PII data, including Aadhar card numbers, Pan card, Voter ID, gender, and the name of the vaccination center, based on the inputted phone number,” it said.

Meanwhile, despite the assurance, experts and people from the healthcare industry said that the leak has brought in a sense of uncertainty.

“The breach has adverse implications for public health as it leaves the common man vulnerable. The breach exposes the affected individuals to various risks of data misuse. Citizens may start questioning the overall efficacy and security of digital platforms when such breaches occur, hindering efforts to foster a digital ecosystem and citizen trust. Also, in the wake of this breach, one crucial aspect that demands attention is determining who will take responsibility for this security lapse,” said managing partner of TMT Law Practice, Mr. Abhishek Malhotra, who works in data security.


Medical Technology Association of India Chairman Pavan Choudary added, “Health data is the most money-making data for hackers. Data regarding sexual and terminal diseases is what is used usually for coercive exploitation. If this breach is real, it is an alarm bell which may augur the possibility of identity thefts. And the government needs to ring fence all the data reservoirs. The recent attacks on AIIMS, ICMR, and now Co-WIN App, make the passage of the Data Protection Bill ever more urgent.”
