The CoWIN Data Breach was covered by a number of news outlets. The information of Indian people was reportedly being sold by a Telegram bot on a Telegram channel. Names, addresses, dates of birth, Social Security numbers, and Aadhar numbers are all included.
According to the allegations, hackers compromised CoWIN’s data. Users’ passport numbers, if they had entered them into the CoWIN portal, were likewise recorded. A person’s identity may be accessed with simply a phone number or Aadhaar number. The vaccination ID number, along with other information, may be accessed by entering a phone number or Aadhaar number.
The Health Ministry also made a statement through Twitter. The government said that every single report was malicious. There is no risk in using the CoWIN portal. It has also asked CERT-In to investigate and report on the matter. CERT-In noted that the Telegram Bot did not directly use the CoWIN APIs in their original investigation. The matter, however, has yet to be resolved.
The Ministry also stated that the only information collected by the CoWIN site for adult immunisation was the recipient’s year of birth. If that’s the case, how might the robot provide a birth date? This information clearly did not come from the CoWIN database.
Approximately 15 crore Indians had their personal information stolen from the CoWIN site, and the hacking organisation Dark Leak Market was selling it. At the time, the Health Ministry rejected the assertion.