News18 could not independently verify the claims and has reached out to the MiETY and CERT-In. Reports, however, pointed out that this could have happened due to a security breach related to the CoWIN portal where all these details were availableNews 

Expert Warns of Data Breach After Telegram Bot Exposes Personal Info Shared on CoWIN

Recent reports and social media posts have indicated that personal information of Indians, such as their Aadhaar and passport details, phone number, date of birth, and gender, were briefly accessible on the Telegram app. This has raised concerns about a security breach related to the CoWIN portal, where all of this information was stored.

It was found that if the communication bot was given a phone number, it provided all of this information, including the location where the Covid vaccination was administered. Apparently the bot wasn’t working this morning. According to reports and screenshots shared on social media, the list of popular people whose information has been leaked includes Meenakshi Lekhi, P Chidambaram, K C Venugopal, Veena George, Jairam Ramesh, Kalvakuntla Taraka Rama Rao aka KTR, K Annamalai and Harsh Vardhan .

ReturnByte could not independently confirm the claims and has contacted the Ministry of Electronics and Information Technology (MeitY) and Computer Emergency Response Teams of India (CERT-In) for further understanding.

Indian Express reported that the Center is conducting an investigation into the alleged breach and who accessed the data.

Supreme Court lawyer and cybersecurity expert Dr. Pavan Duggal called this case a “wake-up call.” “There are question marks in the information that has become public knowledge, because such details would otherwise not be available in this form. At first glance, it looks like some kind of data breach.”

“If such data is generated, it clearly indicates a connection to the CoWIN database. But only a proper criminal investigation would reveal whether it is a critical infrastructure breach or not and CERT-In can also do a cyber security analysis,” he said.

WHAT HAPPENED IN 2021?

In 2021, when reports claimed a possible Cowin data breach had occurred, the government had denied the claims.

RS Sharma, CEO, National Health Authority had assured the CoWIN portal and stated that it has state-of-the-art security infrastructure and has never suffered a security breach.

“Citizens’ CoWIN information is absolutely #safe and #protected. No news about the CoWIN data leaks is worth it,” he tweeted.

ABSOLUTE SECURITY MYTH

However, Dr Duggal said there is no such thing as absolute security and what was secured yesterday may not be secured today or tomorrow. “If anyone says we’re 100% secure, that’s not true. But we need to find loopholes that cybercriminals can potentially exploit,” he added.

According to a cyber expert, only research can tell whether the latest findings are the result of another hack or the 2021 data breach, but it is a serious case. “This data, which includes all kinds of personal information, can be used by other cybercriminals to carry out targeted attacks,” he said.

Related posts

Leave a Comment