Rajeev Chandrasekhar said this in response to reports that a bot on messaging application on Telegram was releasing personal details of the users. He assured that there was no direct breach of either the Cowin App or database.
In response to the reports of vaccination and personal data being leaked online, the Minister of State (MoS) for Ministry of Electronics and Information Technology (MEITY) Rajeev Chandrasekhar shared on Twitter that while the Cowin database was secure, “previously stolen data” was being shared online.
In the Tweet, he assured that CERT-In was reviewing and responding to the reports of data breach. He added, “A Telegram Bot was throwing up Cowin app details upon entry of phone numbers. The data being accessed by bot from a threat actor database, which seems to have been populated with previously stolen data stolen in the past.”
In a second tweet on the issue, he clarified that “previously stolen data '' referred to “data from databases other than Cowin”.
He assured me that there was no direct breach of either the Cowin App or database.
The comments came to reports that a bot on messaging application on Telegram was releasing personal details like name, dob, gender, address, aadhaar number, and passport number, among other details. As per reports, feeding in the registered mobile number of a person would generate personal details.
Saket Gokhale, a Trinamool Congress leader, shared redacted screenshots of the telegram bot on Twitter. His tweets claimed that he was able to source private details of senior opposition leaders like P. Chidambaram, Jairam Ramesh, Derek O’Brien, Abhishek Manu Singhvi and KC Venugopal among others. He also shared redacted screenshots of the private details of senior journalists like Rajdeep Sardesai, Barkha Dutt and Rahuk Shivshankar.
In response, the health ministry stated that such reports were without basis and mischievous. Its statement read, “Co-WIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy. Furthermore, security measures are in place on the Co-WIN portal, with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity & Access Management etc. Only OTP authentication-based access to data is provided. All steps have been taken and are being taken to ensure the security of the data in the CoWIN portal.”
The Health Ministry assured that without an OTP vaccinated beneficiaries’ data could not be shared with any bot.
First Published: Jun 12, 2023 7:22 PM IST
