CoWIN App Data Leak Due To Telegram Bot, Claims Government


In a major turn of events, the Government’s CoWIN portal was the target of a data breach that exposed sensitive personal details of users. This raises a huge national safety and security concern for the citizens of India. The Indian Government has now opened up about it. Keep reading to know more.

CoWIN Data Breach Affects Millions of Users

As per widespread claims on social media, a Telegram bot was able to reveal sensitive data about an individual when queried with that individual’s phone number. The bot leaked the name, Aadhaar number, PAN number, date of birth, location, gender, and the institute where the person was vaccinated. These are the same details that an individual had to enter while registering for the CoWIN app.

For the unaware, CoWIN is the Indian government web portal for COVID-19 vaccination registration. It is managed and operated by the Ministry of Health and Family Welfare.

The same has been confirmed by the Union Minister of State for Entrepreneurship, Skill Development, Electronics & Technology, Rajeev Chandrasekhar, via a tweet. However, he claims that the data accessible to the bot was collected from “previously stolen data.” He further adds that neither the CoWIN database nor the app has been directly breached. To reassure the public, he has confirmed that a National Data Governance policy with unified data storage, access, and security standards has been finalized across all of the Government.

The Ministry of Health and Family Welfare has further released a statement on the CoWIN data breach fiasco. The Ministry assures that adequate security measures like Web Application Firewalls, Anti-DDoS protocols, SSL/TLS protocols, and many more are in place to eliminate such external threats. The statement further confirms that no data can be accessed without OTP authentication.

MoHFW said, “Security Measures are in place on the Co-WIN portal, with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity & Access Management, etc.”

All in all, the suggestion is that such a breach is seemingly impossible, as there is no public API available for the CoWIN app. However, the MoHFW has assured that the Indian Computer Emergency Response Team (CERT-In) will look into the issue and that an internal security committee will be initiated to review it.

A data breach in any form is a matter of concern. And when it involves the data of billions of people, the magnitude of the situation is amplified tenfold. So, we hope that the damage isn’t serious and that steadfast measures will be taken promptly to neutralize the threat. So, what do you think of this new development? What measures do you take to protect yourself from online threats? Do share your thoughts in the comments below.
