Personal details of Indians on CoWin portal leaked in huge data breach
In a major data breach, the personal details of Indians from the CoWin portal, which were submitted during the taking of COVID-19 vaccines, have been leaked. They were available freely on a Telegram account until today morning, when access to the data dump was stopped in response to the news about this data leak gaining wide currency.
The personal details of all or almost all those who took COVID-19 vaccines in India by registering on the government’s CoWin portal have been leaked. The news was first reported by the Malayalam language news portal, The Fourth yesterday evening.
The news got wider coverage after RTI activist and Trinamool Congress spokesperson Saket Gokhale posted a tweet thread about the leak today morning. Various news portals and people, including politicians, have since posted about the leak on social media.
The details became available on a Telegram account run by ‘hak4learn’, with a bot called ‘Truecaller’ providing the information. The bot was created on June 1, as per a report by Quint.
The scale of the data breach is huge. The bot asked for a phone number and immediately gave the full details of the person, as available on the CoWin portal, including name, gender, identity number (passport or Aadhaar), date of birth and the place of vaccination.
If multiple people registered under a single phone number, the details of all those details were available.
The bot giving the details became defunct today morning after The Fourth had published the news of the data leak, which was clearly mentioned as the reason by the bot (see above).
Quint found that the bot became active again at 12.30 pm today but was not providing any results.
Saket Gokhale tweeted screenshots of the details of top politicians and journalists that were freely available on the Telegram channel.
Among those whose data was leaked is Ram Sewak Sharma (see the first screenshot above), chairman of the CoWIN high-power panel and CEO of the National Health Authority (NHA), who had tweeted in response to another news of CoWin data breach in January 2022 that because of CoWin’s “state-of-the-art security infrastructure”, “data of our citizens on CoWIN is absolutely #safe and #secure”.
What he or the Union government will say now remains to be seen.
