Reports claimed that a bot on the messaging app Telegram shared details of individuals who used the CoWin app to register for COVID-19 vaccinations. The Centre has said such claims are ‘without any basis and mischievous in nature’. What really happened?
Advertisem*nt
 "Has data from CoWin portal been leaked on Telegram? (1)")
On Monday, claims of a massive data breach from the CoWin app emerged.
Reports claimed that a bot on the messaging app Telegram shared details of individuals who used the CoWin app to register for COVID-19 vaccinations.
The Centre responded to the reports by vowing to look into the matter.
So, has data from CoWin been leaked on Telegram?
Advertisem*nt
Let’s take a closer look:
What happened?
The newspaper Malayala Manorama first reported that the Telegram bot leaked the data.
According to India Today, the bot when given a phone number responded with the name, address, Aadhaar number, passport number, voter ID, date of birth and place of vaccination.
If a particular number was used to register for vaccinations for an entire family, the bot would provide all the available details, as per India Today.
According to Mint, Opposition leaders including TMC’s Saket Gokhale highlighted this fact on social media.
Gokhale tweeted:
— Saket Gokhale (@SaketGokhale) June 12, 2023There are several Opposition leaders which include:
1. Rajya Sabha MP & TMC Leader Derek O'Brien
2. Former Union Minister P. Chidambaram
3. Congress leaders Jairam Ramesh & K.C. Venugopal@derekobrienmp @PChidambaram_IN @Jairam_Ramesh @kcvenugopalmp
Advertisem*nt
Firstpost could not independently verify these reports.
The Indian Express earlier in the day reported that a probe is on to determine the source of the alleged leak.
“We have certainly taken cognisance of the issue and have initiated a probe into the root cause and whether the data is coming from CoWIN or some other source,” a senior official from the Electronics and IT Ministry told Indian Express.
Advertisem*nt
“The information is being examined right now,” sources told India Today. “CoWIN does not collect the date of birth or address of the individual.”
According to CNBC, the admin of the Telegram group has now taken the bot offline.
The message on the group reads “Aadhaar and number search mode is not available right now”, according to Indian Express.
Advertisem*nt
Cybersecurity experts told CNBC that the bot was giving out sensitive information.
What does the Centre say?
According to News18, the Centre has called such reports “without any basis and mischievous in nature".
“The Co-WIN portal of Health Ministry is completely safe with adequate safeguards for data privacy. Furthermore, security measures are in place on Co-WIN portal, with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity & Access Management etc. Only OTP authentication-based access of data is provided. All steps have been taken and are being taken to ensure security of the data in the CoWIN portal," the ministry said.
Advertisem*nt
The government added that the data of the vaccinated cannot be shared with any bot without using an OTP.
Advertisem*nt
“Only Year of Birth (YOB) is captured for adult vaccination but it seems that on media posts it has been claimed that BOT also BOT mentioned the date of Birth (DOB),” the government said, as per Moneycontrol.
It added that there is no provision to capture the address of the beneficiary.
Government officials told CNBC TV-18 they found “discrepancies in data leak of the screenshots of the CoWIN app.”
Meanwhile, on Monday, Union Minister Rajeev Chandrasekhar on Monday said it does not appear that the CoWin app or database has been directly breached.
Advertisem*nt
He added that Indian Computer Emergency Response Team (CERT-In) immediately responded and reviewed the matter.
— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) June 12, 2023With ref to some Alleged Cowin data breaches reported on social media, @IndianCERT has immdtly responded n reviewed this
✅A Telegram Bot was throwing up Cowin app details upon entry of phone numbers
✅The data being accessed by bot from a threat actor database, which seems to…
Advertisem*nt
“The data being accessed by bot from a threat actor database, which seems to have been populated with previously breached/stolen data stolen from past. It does not appear that CoWin app or database has been directly breached,” the minister said.
In 2021, it was alleged that the personal data of more than 150 million Indians was leaked online.
Advertisem*nt
The health ministry at the time denied the allegations.
In January 2022, National Health Authority CEO RS Sharma declared that CoWin has “state-of-the-art security infrastructure” and has “never faced a security breach”.
#CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens on CoWIN is absolutely #safe and #secure. Any news about data leaks from CoWIN holds no merit.
— Dr. RS Sharma (@rssharma3) January 21, 2022
Advertisem*nt
But Supreme Court lawyer and cybersecurity expert Dr Pavan Duggal told News18 there is no such thing as ‘foolproof security’.
Advertisem*nt
“If any entity says we are 100 per cent safe, that is not accurate. But we have to find the loopholes which could potentially be misused by cybercriminals,” Dugal added.
With inputs from agencies
Read all theLatest News,Trending News,Cricket News,Bollywood News, India NewsandEntertainment Newshere. Follow us onFacebook,TwitterandInstagram.
Tags
TelegramCoWIN
Find us on YouTube
