Technology News

CoWIN Data Breach: Government Responds, Says no Direct Breach of CoWIN App or Database

According to the government, CoWIN data access is available at three levels — the vaccine recipient, an authorised vaccinator, and third-party apps.

Written by David Delima, Edited by Siddharth Suvarna | Updated: 12 June 2023 18:53 IST
CoWIN Data Breach: Government Responds, Says no Direct Breach of CoWIN App or Database

Photo Credit: Reuters

The government has clarified there are no public APIs offering access to data without an OTP

Highlights
  • The government has denied any breach of CoWIN databases
  • CoWIN data can be accessed at three levels, as per the government
  • CERT-In shared its findings after the alleged data breach surfaced online
Advertisement

The government on Monday responded to reports of an alleged data breach of the CoWIN database, stating that the data appeared to have been sourced from a different database containing information stolen in the past. The response follows reports that an automated bot on Telegram was surfacing personal details of people who had registered with the CoWIN platform to receive COVID vaccinations during the pandemic. The government has also claimed that it did not appear that the CoWIN app or database had been directly breached.

Hours after reports of the alleged data breach, Minister of State for Electronics and Technology Rajeev Chandrasekhar stated on Twitter that the Indian Computer Emergency Response Team (CERT-In) had responded and reviewed the reports of breaches that surfaced on social media on Monday. The minister stated a Telegram bot was sharing CoWIN app details when a phone number was entered. The bot was reportedly taken down shortly after it was discovered and covered by news outlets on Monday.

According to Chandrasekhar, the bot was accessing data from a threat actor database. The information available in this database appears to have been sourced from data stolen in the past from an older breach. However, the minister did not share additional details of the previous breach, including whether it was another government entity, whether it was detected before Monday. and whether it was disclosed by CERT-In.

In his tweet, Chandrasekhar also stated that it did not appear that either the CoWIN app or database were directly breached. The minister has not revealed details of how the CoWIN details of users who registered with the platform were available when both the CoWIN app and website were not directly affected by a data breach. 

Meanwhile, the government issued a press release stating that CoWIN data access was available at three levels — the vaccine recipient, the authorised vaccinator, and third-party applications that had API-based (application programming interface) access that only works via user one-time password (OTP) authentication. The government states that the platform logs each attempt by an authorised vaccinator to access the CoWIN system.

The government also states that data from the CoWIN platform could not be shared to an automated bot without an OTP sent to the vaccine recipient as there was no public API with such a level of access. Similarly, the system did not record a recipient's address and only recorded the year of birth for vaccination, unlike the posts shared on social media that show the bot responded with the vaccine recipient's date of birth.  

CoWIN's development team also confirmed that some APIs were shared with third parties like the Indian Council for Medical Research (ICMR) and requests were only accepted by a trusted API whitelisted by the CoWIN application — which suggests there was at least one API that could access data without an OTP. CERT-In has been asked by the Union Health Ministry to investigate the issue and submit a report on its findings, according to the government.

Apple unveiled its first mixed reality headset, the Apple Vision Pro, at its annual developer conference, along with new Mac models and upcoming software updates. We discuss all the most important announcements made by the company at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: CoWIN, Data Breach, India, Cert In
David Delima
David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
Samsung Galaxy S23 FE Bags Battery Certification in South Korea, Could Launch Soon: Report
DeFi Protocol Sturdy Finance Loses Around $775,000 in ETH in Hack Attack

Related Stories

CoWIN Data Breach: Government Responds, Says no Direct Breach of CoWIN App or Database
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Redmi Note 13 Pro+ 5G World Champions Edition Coming to India on This Date
  2. WhatsApp Says It Will Exit India If Asked to Break Encryption: Report
  3. Vivo X100 Ultra, Vivo S19 Series Certified Ahead of China Debut
  4. Oppo Find X7 Ultra Review
  5. Samsung Galaxy S24 FE Spotted Online With Moniker and Model Numbers
  6. Google Pixel 8a AI Features, Software Support Details Leaked
  7. Realme C65 5G With MediaTek Dimensity 6300 SoC Debuts in India: See Price
  8. Snapdragon X Elite Beats Apple's M3 Chip in This Geekbench Test
  9. Top OTT releases this week: Laapataa Ladies, Dil Dosti Dilemma and More
#Latest Stories
  1. Google Pixel 8a Video Showing AI Features Leaks; Promotional Images Indicate 7-Year Software Support
  2. Vivo X100 Ultra, Vivo S19 and Vivo S19 Pro Bag 3C Certification Ahead of Anticipated Launch in China
  3. Apple Renews Talks With OpenAI for iPhone Generative AI Features
  4. Samsung Galaxy Z Fold 6 Ultra to Launch Just in South Korea; Galaxy Watch Ultra in Works: Report
  5. WhatsApp Goes: Platform Reportedly Warns It Will Exit India If Asked to Break End-to-End Encryption
  6. Redmi Note 13 Pro+ 5G World Champions Edition Design Teased; to Launch in India on April 30
  7. Samsung Galaxy S24 FE Moniker and Model Numbers Reportedly Spotted Online
  8. Google Meet Introduces ‘Switch Here’ Feature That Lets Users Switch Devices Without Leaving a Call
  9. HMD's Self-Branded Smartphone to Launch in India; Details to Be Revealed on April 29
  10. Google Gemini Reportedly Expands to Android 10 to Support Older Smartphones
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »