Govt Refutes CoWIN Data Breach Allegations, Says Platform Foolproof

Govt Refutes CoWIN Data Breach Allegations, Says Platform Foolproof

SUMMARY

Union minister Rajeev Chandrasekhar said that it does not appear that the CoWIN app or database was directly breached

The data being accessed by a Telegram bot from a threat actor database seems to have been populated with previously stolen data stolen, the minister said

Among other details that have allegedly been compromised are the phone number, date of birth, and the last four digits of the Aadhaar number of citizens, which are being circulated on some social media platforms

After reports of an alleged data breach on the CoWIN platform surfaced on Monday (June 12) morning, union minister Rajeev Chandrasekhar said that it does not appear that the CoWIN app or database has been directly breached.

“With reference to some alleged CoWIN data breaches reported on social media, the Indian Computer Emergency Response Team (Under Ministry of Electronics and Information Technology) has immediately responded and reviewed this,” the minister tweeted.

According to the minister, a Telegram Bot was throwing up CoWIN app details upon entry of phone numbers. However, the data being accessed by the bot from a threat actor database seems to have been populated with previously stolen data stolen, the minister added.

“It does not appear that the CoWIN app or database has been directly breached,” he said.

In a separate statement, the health ministry said that all such reports on CoWIN data breach are without any basis and mischievous in nature.

As per some media reports, data of citizens who have received Covid vaccination in the country has been breached. Among other details that have allegedly been compromised are the phone number, date of birth, and the last four digits of their Aadhaar number, which are also being circulated on some social media platforms.

CoWIN portal is a repository of all data of beneficiaries who have been vaccinated against Covid19.

It was alleged that using a Telegram BOT, the personal data of individuals who have been vaccinated is being accessed.

“CoWIN portal of the health ministry is completely safe with adequate safeguards for data privacy. Furthermore, security measures are in place on the CoWIN portal with web application firewall, anti-DDoS, SSL/TLS, regular vulnerability assessment, identity and access management, etc. Only OTP authentication-based access to data is provided. All steps have been taken and are being taken to ensure the security of the data in the CoWIN portal,” the ministry said in a statement.

The ministry also added that the development team of CoWIN has confirmed that there are no public APIs where data can be pulled without an OTP.

“In addition to the above, there are some APIs which have been shared with third parties such as ICMR for sharing data. It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the CoWIN application,” the ministry added.

While the health ministry requested the Indian Computer Emergency Response Team to look into the matter and submit a report, an internal exercise has also been initiated to review the existing security measures of CoWIN.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Govt Refutes CoWIN Data Breach Allegations, Says Platform Foolproof-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Govt Refutes CoWIN Data Breach Allegations, Says Platform Foolproof-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Govt Refutes CoWIN Data Breach Allegations, Says Platform Foolproof-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Govt Refutes CoWIN Data Breach Allegations, Says Platform Foolproof-Inc42 Media
Govt Refutes CoWIN Data Breach Allegations, Says Platform Foolproof-Inc42 Media
You’re in Good company