CoWIN Data Breach

M

MadAxe

Adept
www.business-standard.com

CoWin Data breach: Personal data of Covid vaccine recipients leaked on Telegram

CoWin Data Leak: Crucial information like a person's phone number, gender, ID card information and date of birth can be received from a Telegram bot just by entering a person's name
www.business-standard.com www.business-standard.com
www.livemint.com

CoWIN data leak! Aadhaar, PAN Card info of Covid vaccine receivers on Telegram

Personal information of Indian citizens, including Aadhaar and PAN card details, are reportedly available on Telegram due to a data breach caused by the CoWIN portal
www.livemint.com www.livemint.com
www.thenewsminute.com

Major data breach: Info of Indians who took Covid vaccine made public by Telegram bot

The private information of the lakhs of citizens, who registered on the CoWIN app to get their COVID-19 vaccination, appears to have been leaked to private play
www.thenewsminute.com www.thenewsminute.com
 
Cheap out more of giving contract to shiity it shell companies run by friends and family members,save penny ammount of money risk valueable citizens private information then shhhhhhhhh.
 
People will be getting more spam calls now. That is the motive. A database of live numbers that can be used to push all manner of things

I don't see anything more ulterior here.

How do you defend from inside jobs like this? Encrypting all that info could help. We're not at that point yet and products that will do this or are designed to do this likely cost more

The reason it was leaked is the ransom was refused. Was that the right call? depends on the org.
 
letmein said:
No leak of users' data from CoWIN portal, adequate safety measures in place: Govt

www.moneycontrol.com

No leak of users' data from CoWIN portal, adequate safety measures in place: Govt

A government source said all application programming interfaces (API) associated with CoWIN are being looked over, and the Health Ministry is expected to post a clarification in this regard.
www.moneycontrol.com www.moneycontrol.com
Click to expand...
Resonse has been as expected.
What could be the ramifications for users keeping in mind that this CoWin was pervasive enough in terms of permissions and collected a lot of data from the app?
Just one more source of spam or something more severe?
gourav said:
Any data with the government is public data (except electoral bonds and PM Cares money).

If you just keep the above attitude, life will be a lot less stressful, you'll never have to worry about the privacy of your data.
Click to expand...
True.
 
ashokbishnoi said:
Resonse has been as expected.
What could be the ramifications for users keeping in mind that this CoWin was pervasive enough in terms of permissions and collected a lot of data from the app?
Just one more source of spam or something more severe?

True.
Click to expand...
This is why I never installed the app. Got the vaccine by registering on their website, never used the app.
 
rajanmehta said:
https://twitter.com/i/web/status/1668221201075023873

Minister for IT has already confirmed data theft from cowin in the past in his tweet
Click to expand...
Since its previously stolen data, no data has been stolen. LOL
These are the most pathetic incompetent bunch of people to have ever been in govt. When will Indians come above H1ndu-Mooslim bullshit and throw these guys out. Not one news is good . Plus they hide data, obfuscate, confuse, relase multiple different versions of stories. Then the defence minister will talk about finance . Finance will talk about health.

This seems to be criminal incompetence. And their only skill is in getting away inspite of being incompetent.
 
ashokbishnoi said:
What could be the ramifications for users keeping in mind that this CoWin was pervasive enough in terms of permissions and collected a lot of data from the app?
Just one more source of spam or something more severe?
Click to expand...
Gave my answer, what do others have to say
rajanmehta said:
Minister for IT has already confirmed data theft from cowin in the past in his tweet
Click to expand...
Good, they have acknowledged it and will have to act on it
 
I never installed the app. But this is strange. It reminds me of something similar about AADHAAR Database and Koo App DB being weak and data publicly accessible, that happened a few years back and was reported by Elliot Alderson, the French WH Hacker
Data was never secure in today's world. But governments need some form of law that applies to every entity and is liable for action. That's my opinion
If you wanna read further.
 
ashokbishnoi said:
What could be the ramifications for users keeping in mind that this CoWin was pervasive enough in terms of permissions and collected a lot of data from the app?
Click to expand...
phone numbers: more spam - its not like we dont get any right now, if you have true caller or something similar you are fine
pan card numbers: can we used to query your financial info but without email or sms otp wont work
name, DOB, blood group,gender: its PII which can be used for targetted phishing but most of us are not worth that kinda sophisticated attack so unlikely

If someone was specifically targetting you, all this info could be useful to build a profile and then do some kinda attack on you. I am not downplaying the leak, just thinking out loud what are ramifications.
 
Back
Top