Sun, May 5, 2024

Cybersecurity firm debunks COWIN data breach claims, ensures privacy protection

A report reveals COVID data bot originated from hak4learn channel

Written by  Annesha Barua -- June 13th 2023 02:32 PM -- Updated: June 13th 2023 02:44 PM

New Delhi, June 13: CloudSEK analysis dismisses claims of data access to the entire COWIN portal, states information likely scraped from compromised credentials on Telegram.

Amid the ongoing controversy surrounding the alleged data leak of Covid vaccination recipients on India's COWIN platform, a prominent cybersecurity firm has refuted claims of a breach in citizens' privacy.


CloudSEK, a Singapore-based startup specializing in cybersecurity, released a report on Tuesday stating, "CloudSEK Analysis concludes that threat actors do not have access to the entire Cowin portal nor the backend database. Based on matching fields from Telegram data and previously reported incidents affecting health workers in a region, we assume the information was scraped through these compromised credentials. The claims need to be verified individually."



According to CloudSEK, their AI-driven digital risk platform, XVigil, discovered a threat actor advertising a Telegram bot offering personally identifiable information (PII) data of Indian citizens who allegedly registered for vaccines through the Cowin portal.

In their analysis, the firm identified the Covid data bot, which published the alleged leaked information, as being offered by a channel called hak4learn. This channel frequently shares hacking tutorials, resources, and bots for individuals to access and purchase.

"At first, the bot was available to everyone, but it was later upgraded to be exclusive to subscribers. The upgraded version provided PII data, including Aadhaar card numbers, PAN card details, Voter ID information, gender, and the name of the vaccination center, based on the phone number," explained CloudSEK.

The cybersecurity firm emphasized that the true source of the Telegram bot remains unknown.

"It is important to note that the bot had Version 1, which only displayed personal information based on the phone number. Meanwhile, Version 2 claimed to be a Truecaller bot, containing personal information of individuals," stated the report.



Currently, the bot is not operational, but the channel's admin mentioned the possibility of it being reinstated at a later time.

Significantly, CloudSEK recalled an incident on March 13, 2022, when a threat actor on a Russian cybercrime forum advertised compromised access to the Cowin portal in the Tamil Nadu region, claiming to have breached the Cowin database.

"After analysis, we discovered that the breach involved a health worker and did not impact the infrastructure. The content displayed in the screenshot aligns with the Telegram bot mentioned in the media, including the name of the individual, mobile number, identity proof, identification number, and the number of vaccine doses completed. Additionally, there are numerous healthcare worker credentials available on the dark web for the Cowin portal. However, this issue primarily stems from inadequate endpoint security measures implemented for healthcare workers, rather than any inherent weaknesses in Cowin's infrastructure security," clarified CloudSEK.

Founded in 2016, CloudSEK combines Cyber Intelligence, Brand Monitoring, Attack Surface Monitoring, Infrastructure Monitoring, and Supply Chain Intelligence to provide context to customers' digital risks. The alleged COWIN data leak analysis was conducted at the request of the government.

The Indian Computer Emergency Response Team (CERT-In) is also investigating the matter, with preliminary reports ruling out a breach of citizen privacy.


- With inputs from agencies
