CoWIN Data Breach

Well well well... What happens to stolen data you say?



Using 18000 stolen PAN/Aadhar cards.
Comments under that tweet are all partisan and useless

What damage is done to the people whose Aadhar has been used this way? They're going to be getting some calls from the IT dept and be inconvenienced. But they are not going to be liable for anything.

Some people were made directors of the company and then got some intimation. Cat's out of the bag at that point.

This kind of scam is only good so long as it is not discovered. It will be harder to pull off in the future, let alone at this scale.

The idea that scams are harder to sustain when things go digital is somewhat true. Digital is better than paper as tracking was harder so scams went undetected. That was the USP. More efficient.

Gotta admire the audacity of those who do not pay taxes yet successfully claim from the IT dept. These guys are legends :D
 
@blr_p
> What damage is done to the people whose Aadhar has been used this way? They're going to be getting some calls from the IT dept and be inconvenienced. But they are not going to be liable for anything.

For many people, that 'minor inconvenience' you see becomes a lifelong problem when govt. and agencies work without enough seriousness.

> We need to go more into depth as to what the consequences of Aadhar number out there actually means.
> Right now, there is less of an idea and more fear.








The links above are just a quick search on Google; imagine the metric load of unreported cases.
UIDAI suspended thousands of operators earlier, imagine the fallout from all this, probability of exploitation, whether whatever happened already is properly recorded, etc.

Only hope we can keep is things will get better eventually.
 
> @blr_p
> > What damage is done to the people whose Aadhar has been used this way? They're going to be getting some calls from the IT dept and be inconvenienced. But they are not going to be liable for anything.
>
> For many people, that 'minor inconvenience' you see becomes a lifelong problem when govt. and agencies work without enough seriousness.
So if your Aadhar was used in some scam then you become suspect and this is lifelong.

Does your credit score get affected and how can you exonerate yourself?

Who gets to label such and such Aadhar as tainted? Govt or private entities?

This is the linking business that those against aadhar were talking about ten years back. Govt does not do it but others do.

Can the govt do anything here? You are dealing with private entities that want to manage their risk.
 
> This is the linking business that those against aadhar were talking about ten years back. Govt does not do it but others do.
Govt. let others do it, they should ensure security being provider of this id.

> Can the govt do anything here?
No, nothing. Ever. Forever.
lolz. When one doesn't want to recognize the problem and keeps their eyes shut on purpose, nobody can convince them.
 
> > This is the linking business that those against aadhar were talking about ten years back. Govt does not do it but others do.
> Govt. let others do it, they should ensure security being provider of this id.
And if that is not possible there have to be workarounds. You are not going to spend the rest of your life as a second-class citizen.
> > Can the govt do anything here?
> No, nothing. Ever. Forever.
> lolz. When one doesn't want to recognize the problem and keeps their eyes shut on purpose, nobody can convince them.
Then it's not a big enough problem yet :)

But if it makes life difficult for enough people then they will have to address it. I don't know how much enough is but you should pray for more breaches and then it will happen.

Damage limitation is paramount for any govt. They want to remain in office or regain it. In this country, they've been thrown out on smaller pretexts than this.

I don't like this rush to digitise everything. Something this govt likes to boast about. Not that the previous one that birthed this crap was any better.

I'll take atoms over bytes wherever possible.

It's putting everything in one basket and if something happens then too many aspects of life get affected is the perception/fear. Makes you think we were more resilient the old school way. Less linked and more compartmentalised.
 
Need better ways of implementing and correcting issues faced, that is for sure.
Another way of looking at this is how much fear is there about this subject here?

How many are actively engaging here once you leave out the room temperature IQ govt bashing?

Just me and you. Seriously, do people here even give a damn. Why will govt do anything then? There are no complaints isn't it :confused:

Think of the day when a thread is created.

My Aadhar has been leaked/compromised. What should I do?

What answers will you give?

That is what I want to go to town with here.
Hope those higher up will find means to all this.
There will be a lot of to and fro. People will have problems which then the system will have to learn to cope with and adapt.
 
All the while when we are talking about people with room temperature IQ:

> Nobel prize-winning American economist Paul Romer who met with Prime Minister Narendra Modi in New York on Tuesday (local time) commended India's model of Aadhar-based authentication saying that the country can "really show the world how to do it right."
>
> Prime Minister Modi and the former chief economist of the World Bank discussed India's digital path, including the adoption of Aadhar and cutting-edge solutions such as Digilocker during their meeting.

Again, we can only hope such attention will bring more focus on privacy and security aspects also.
 
Er... Didn't the government say there was no data breach?
where did they say that
> The matter was sent for a review by the country's nodal cyber security agency CERT-In, which said in its initial report, that the backend database for the Telegram bot, which is at the centre of the alleged leak, was not directly accessing the APIs of the CoWIN database.
That's the part that counts. The extent of this leak is limited
> This is the first arrest in the data breach case. However, senior police officers said the accused were not involved in the “major data breach”, which involves data leak of thousands of people from across states. The arrested duo had access to data of only a few individuals, they said.
Oh, so there is still more work to be done here.
> The investigation was conducted with the help of Telegram platform and CERT-In. “The matter is at a preliminary stage and not much can be revealed. The men were not selling the data to anyone in particular. They only had access to certain ID and data which they used to create a software (bot) and share on social media,” said a source.
 
> where did they say that

> That's the part that counts. The extent of this leak is limited
This is not exactly a leak IMO.

Leak entails structural breach of the data servers.

This isn’t that. A healthcare worker’s son misused her credentials. The central server was not breached in this case. However, the way it was sensationalised made it appear as a breach. The government also made some controversial statements that need clarification.

The way people reacted shows that they are aware of their rights but it also shows that the government hasn’t been able to generate trust on data handling. They need to build a system of trust around such sensitive data. Data protection policy and mandatory third party audits should be introduced. Also, people dealing with such data need to be trained in maintaining secrecy.
 
> This isn’t that. A healthcare worker’s son misused her credentials. The central server was not breached in this case. However, the way it was sensationalised made it appear as a breach. The government also made some controversial statements that need clarification.
There is more to be investigated. Additional people were involved

Healthcare worker's son is only the first arrest to date
 
> where did they say that

> The government has responded to the claims of CoWIN data leak, saying that the reports of a breach are “mischievous in nature”. The government has also maintained that the data is “completely safe”.
>
> In a press release, the government said, “It is clarified that all such reports are without any basis and mischievous in nature. CoWIN portal of Health Ministry is completely safe with adequate safeguards for data privacy.”

Not that it matters because I have zero trust on this government.
 
Locked Aadhar, although now I think that facility is also an eyewash, presumably. Initially these leak-related news used to worry me much, now I get big big yawns. I congratulate the person who is doing scam with my credentials because that has always been his level/standard. Good thing is these leaks are in news, that's a positive.
 
I have given up on privacy now in these times. If it's not govt leaking data, it's corporations logging your habits, and if you truly want privacy, you gotta be prepared to forgo most of the modern conveniences because of it.
 