CoWIN Data Breach

The hacker who was responsible for the CoWIN data leak has come forward and claimed responsibility for the most recent breach of the platform that is used to register for the Covid-19 vaccination. In an elite collaboration with India Today, the programmer made sense of that he didn’t penetrate the CoWIN stage itself, however rather tracked down weaknesses in a related stage. The platform was not named by him. The hacker made use of a Telegram chatbot that generated personal information about people who had been vaccinated. They were able to get this information by exploiting flaws in the other platform.

Previous reports suggested that Telegram had been hacked and distributed all of the CoWIN data. Personal information like names, mobile numbers, the details of Aadhaar and PAN cards, date of birth, and information about vaccination centres were included in the screen grabs of the leaked data. Even the details of the passport were leaked at times. Anyone who joined a particular Telegram group and entered the target’s mobile number or Aadhaar number had access to it.

To confirm the programmer’s authenticity, India Today requested that they post a particular message in the Wire bunch used to question the spilled information. After the programmer posted and later erased the message, their accreditations were laid out. The hacker acknowledged that a vulnerability in a different platform used by the Health Ministry, which focuses on child health, allowed access to the Telegram chatbot’s results. The hacker was able to access this platform, retrieve the information about Auxiliary Nurse Midwives (ANMs), and then retrieve the same information by querying Telegram.

The hacker clarified that there was not a massive dump of CoWIN data available, contrary to previous reports. However, if individuals’ phone numbers or Aadhaar numbers were accessible, the vulnerability made it possible to retrieve their data. The programmer guaranteed not to have brought in any cash from the information.