hometechnology NewsCoWIN data breach | Cybersecurity watchdog to probe claims that user information leaked on Telegram
CoWIN data breach | Cybersecurity watchdog to probe claims that user information leaked on Telegram
Reports and social media posts indicate a possible security breach of CoWIN vaccination data, with a Telegram bot allegedly exposing personal details based on registered mobile numbers. Government officials are investigating the claims while concerns rise about the protection of sensitive information.
After multiple reports and social media posts have red-flagged a possible security breach of CoWIN vaccination data, Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology, said that the Indian Computer Emergency Response Team (CERT-In) — India's cybersecurity watchdog — is now looking into the matter.
The reports indicate that a bot on Telegram was churning out personal details based on the registered mobile number.
He added that it does not appear that CoWIN app or database has been directly breached and the data the bot shared seemed to have been from previous breach, the details of which he did not include.
As per reports, on entering the registered mobile number, the Telegram bot releases the name, gender, date of birth, address and Aadhaar or Passport number. The bot is claimed to have released data submitted at the time of vaccination.
In a 2021 reply in Parliament, the Union health ministry had said, "For data safety, the data is encrypted using a highly secure key, no unauthorised access to the database on AWS server is allowed and restricted access to relational database service (to decrease the risk of malicious activities). The CoWIN application follows the privacy policy as stated in National Digital Health Mission (NDHM)."
Saket Gokhale, a Trinamool Congress leader, shared redacted screenshots of the telegram bot on Twitter. His tweets claimed that he was able to source private details of senior opposition leaders like P Chidambaram, Jairam Ramesh, Derek O’Brien, Abhishek Manu Singhvi and KC Venugopal among others. He also shared redacted screenshots of the private details of senior journalists like Rajdeep Sardesai, Barkha Dutt and Rahuk Shivshankar.
There are several Opposition leaders which include:
1. Rajya Sabha MP & TMC Leader Derek O'Brien2. Former Union Minister P. Chidambaram3. Congress leaders Jairam Ramesh & K.C. Venugopal@derekobrienmp @PChidambaram_IN @Jairam_Ramesh @kcvenugopalmp(2/7) pic.twitter.com/JnD5EKhPBO— Saket Gokhale (@SaketGokhale) June 12, 2023
Senior Journalist B Sreejan also shared on Twitter redacted screenshots of personal information on Twitter. He shared screenshots of the bot releasing private information of MP and MOS External Affairs Meenakshi Lekhi. He also posted on the breach of private detail of Former National Health Authority CEO RS Sharma.
CNBC-TV18 was unable to independently verify the bot in action. Spooked by the reports of the data breach, the admin of the Telegram group has proceeded to take down the bot entirely. The bot is no longer available on Telegram.
CNBC-TV18 contacted cyber security professionals with reports of the data leak. They confirmed that when active, the Bot was releasing sensitive information.
First Published: Jun 12, 2023 2:00 PM IST
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Phase five Lok Sabha polls: Rae Bareli, Amethi among 14 UP seats going to polls on Monday
May 19, 2024 1:03 PM
AAP protest walk: Arvind Kejriwal challenges BJP to arrest entire party, Delhi Police imposes Section 144
May 19, 2024 12:26 PM
Terror attacks in Kashmir raise concerns ahead of May 20 and May 25 election
May 19, 2024 12:15 PM