CoWIN app's COVID-19 Vaccination data of 15 crore users leaked and up for sale; Government denies breach
On Thursday, yet another big data leak news emerged in Indian media. Reports of CoWIN app data leak surfaced online claiming that the COVID-19 vaccination data of 150 million (15 crore) Indians was up for purchase. As per a website called Dark Leak Market on the DarkWeb, this purported data leaked by hackers is up for purchase. The post claimed that the group hacked and reselling the data for $800. The website also stated that they weren't the "original leaker" of the data but just the resellers.However, the government later denied that the CoWIN platform was hacked. It stated that the reports circulating about the leak are fake, and there is no breach because the CoWIN platform data has never been exposed to third parties, and it is stored in a “safe and secure digital environment”.“There have been some unfounded media reports on the CoWIN platform being hacked. Prima facie, these reports appear to be fake,” noted a statement issued by the Union health ministry."Reports of #CoWIN platform being hacked, prima facie appear to be fake. Out of abundant precaution, emergency response team of @GoI_MeitY is investigating the matter. Data speculated to have been leaked such as geo-location of beneficiaries, is not even collected on Co-WIN. All data on #CoWIN is stored in a secure digital environment and is not shared with anyone outside of it," Health Minister Dr Harsh Vardhan said in a tweet.Independent cyber security researcher Rajshekhar Rajaharia told IANS that the hacking group's website is fake, and they are running a Bitcoin scam."CoWIN is not hacked as the so-called hacking group is listing fake leaks. It is a Bitcoin scam and people should not fall victim to these hackers. The CoWIN data is safe," Rajaharia told IANS.In addition, the ministry and the Empowered Group on Vaccine Administration (EGVAC) is getting the matter investigated by the Computer Emergency Response Team of the Ministry of Electronics and Information Technology (MietY).According to Dr R S Sharma, the Chairman of the Empowered Group on Vaccine Administration (CoWIN), the platform stored all data in a "safe and secure digital environment" and did not share it. He also noted that the data that had purportedly been accessed by the hackers included the geo-location of beneficiaries - something that is "not even collected at CoWIN".For those who are unaware, CoWin platform is used to book a slot for COVID-19 vaccination. The website requires users to submit their Aadhar card or any government-issued ID card, their phone number and location to book a slot.