Website Claims CoWIN Data of 150 Million Users Is Available for $800; Government Denies

Website Claims CoWin Data of 150 Million Users Is Available for $800; Government Dismisses Claim

The news of a data breach of the CoWIN portal has been doing the rounds on the internet since yesterday, and it claims to have leaked the personal data of 150 million people on the dark web. The Indian Ministry of Health and Family Welfare has now refuted the claim and has started an investigation on the matter.

Government Dismisses CoWIN Data Breach Claims

The alleged CoWIN data leak includes name, phone number, Aadhaar ID, GPS, location, and state of citizens. However, in a press statement, the Indian government said that the reports of the CoWIN platform getting hacked are unfounded. In addition, the Computer Emergency Response Team of the Ministry of Electronics and Information Technology (MietY) has started an investigation on the claims.

We wish to state that Co-WIN stores all the vaccination data in a safe and secure digital environment. No Co-WIN data is shared with any entity outside the Co-WIN environment. The data being claimed as having been leaked such as geo-location of beneficiaries, is not even collected at Co-WIN,” said Dr. RS Sharma, Chairman of the Empowered Group on Vaccine Administration.

Apart from the Indian government, independent security researcher Rajshekhar Rajaharia says the CoWIN portal hack claims are fake. He even goes on to say it is a Bitcoin claim. Notably, the website that has listed the CoWIN data is a reseller. Even the sample data is behind a paywall for 0.0487972 BTC (~$179 or Rs. 13,000). This is unusual as most data leaks make the sample data available for free to prove the legitimacy.

From what it looks like, the COWIN data leak is likely a scam. We will have to wait to see if the government’s investigation offers more clarity in the coming days.

Leave a Reply