Government to probe alleged CoWin data leak, MoS Rajeev Chandrasekhar says not a direct breach
Cert-In was asked to probe as to how a bot on the instant messaging app Telegram was able to provide details of a person’s vaccination date, the place where they were vaccinated against Covid-19, along with the date of birth of the person, the official said, adding that these details are likely from datasets that had been stolen earlier.
Later in the day, the minister of state for electronics and information technology Rajeev Chandrasekhar said that an initial probe from Cert-In had indicated that neither the Co-Win app nor the database had been breached.
“A Telegram Bot was throwing up Cowin app details upon entry of phone numbers. The data being accessed by bot from a threat actor database, which seems to hv been populated wth previously stolen data stolen in the past.It does not appear that Cowin app or database has been directly breached,” Chandrasekhar said in a tweet.
The ministry of family health and welfare also asserted that CoWin remained safe and that there had been no breaches.
Discover the stories of your interest
“The development team of COWIN has confirmed that there are no public APIs where data can be pulled without an OTP. In addition to the above, there are some APIs which have been shared with third parties such as ICMR for sharing data. It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the Co-WIN application,” the health ministry said in a statement.
For all the latest Technology News Click Here