CoWIN data hacked? Govt says data breach reports appear fake, MeitY to investigate
CoWIN data breach rumours began to do the rounds on Twitter on Friday evening, after claims that the data of 150 million people was available for sale. Here's what a security researcher and the health ministry said.
The Union Health Ministry on Friday stated that reports of an alleged breach of data related to the vaccination status and personal information of 150 million Indians prima facie appeared to be fake, following reports of a data breach that began to do the rounds earlier in the day.
On Friday, a website called Dark Leak Market was reportedly selling a database of COVID-19 vaccinated Indian users with a price of $800 mentioned on the website, according to a report by Moneycontrol. While the website stated that it was not the “original leaker” of the data, it claimed to have information including the vaccination data of 150 million people including their names, Aadhaar numbers and their locations, the report states.
At 10:34 PM on Friday, Minister for Health & Family Welfare Dr Harsh Vardhan tweeted: Reports of (the) CoWIN platform being hacked, prima facie appear to be fake. Out of abundant precaution, (an) emergency response team of (the Ministry of Electronics & IT, or MeitY) is investigating the matter. Data speculated to have been leaked such as geo-location of beneficiaries, is not even collected on Co-WIN.”
All data on #CoWIN is stored in a secure digital environment and is not shared with anyone outside of it.@PMOIndia @MoHFW_INDIA @PIB_India #Unite2FightCorona #IndiaFightsCorona #IndiaFightsCOVID19
— Dr Harsh Vardhan (@drharshvardhan) June 10, 2021
“All data on #CoWIN is stored in a secure digital environment and is not shared with anyone outside of it,” Dr Harsh Vardhan said in a follow-up tweet. Meanwhile, independent security researcher Rajshekhar Rajaharia tweeted that the CoWIN portal was not actually hacked, but that the claim of the data breach on the platform (by a dark web portal that claimed to be “reselling” the data) was actually a “Bitcoin scam”.
This market is frequently posting fake data leaks and scamming people. They are just taking Bitcoin for nothing. Data Sample also not available anywhere.#InfoSec #DataLeak https://t.co/kczBywifcJ
— Rajshekhar Rajaharia (@rajaharia) June 10, 2021
Rajaharia also tweeted images that claimed the “leaked documents” posted on the site about previous data leaks were fake – such as the controversial Mobikwik hack, which he claims isn't available on the dark web – and SBI YONO, which has not suffered any known breaches yet. “This market is frequently posting fake data leaks and scamming people. They are just taking Bitcoin for nothing,” he explained, adding that there was no data sample available to verify the authenticity.
It is important to remember that Co-Win did not even have a privacy policy till the High Court of Delhi issued directions on June 2, 2021. https://t.co/MDbiXGQvGP
— Apar (@apar1984) June 10, 2021
Meanwhile, lawyer and IFF head Apar Gupta urged caution, stating that it was necessary for the Indian government's Computer Emergency response team (or Cert-in) to step in and independently investigate and verify the issue. He also pointed out that CoWIN did not have a privacy policy until the Delhi High Court issued directions on June 2. “We must resist the temptation to issue a blanket denial. Investigate, verify, please!” he tweeted on Friday evening. Gupta later retweeted Rajaharia's claim that the leak was a hoax, stating “it does focus the conversation on data leaks. We do need breach notification obligations”.
Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.