CoWIN data breach: Here’s what cyber-security experts have to say on CoWIN data breach


A day after an alleged data breach on the CoWIN portal was reported, analysts say that the hackers have access neither to the entire CoWIN portal nor to the backend database.

The hacker was sharing personal information, such as mobile numbers and Aadhaar numbers, of those who have registered on the CoWIN portal for their vaccinations.

CloudSEK, a cyber-security company, discovered a threat actor advertising a Telegram bot that offered personally identifiable information (PII) of Indian citizens. “It is believed that the threat actors have obtained multiple credentials belonging to health workers, which they could have used to access the CoWIN portal and its associated data,” according to researchers.

The Union Ministry of Health and Family Welfare (MoHFW) on Monday dubbed the alleged data breach of Covid-19 vaccine beneficiaries as “mischievous in nature”, saying that the CoWIN portal is completely safe with adequate safeguards for data privacy.

The Ministry also said that it has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report, besides initiating an internal exercise to review the existing security measures of CoWIN. As per its statement, data could be accessed only through an OTP, and thus it is not possible to get the personal details of the vaccination beneficiaries.

CERT-In in its initial report has said that the ‘backend database for the Telegram bot was not directly accessing the APIs of the CoWIN database.’ In response to the data leak, Rajeev Chandrasekhar, Union Minister of State for Electronics and IT, said that it does not appear that the CoWIN app or database has been directly breached. On March 13, 2022, a threat actor on a Russian cybercrime forum advertised compromised access to the CoWIN portal, sharing a screenshot of the CoWIN database portal affecting the Tamil Nadu region.

“There are numerous healthcare worker credentials available on the Dark Web for the CoWIN portal, highlighting the need for better endpoint security measures for healthcare workers,” the team highlighted. They added that it might be through the credentials of the health workers which were compromised and would have been…
