Photo Credit: Pexels/ Sora Shimazaki
The personal data of COVID-19 vaccine recipients in India was reportedly leaked online via a bot on a popular chat platform, allowing free access to users without the OTP required for the details stored on the CoWIN platform. According to details that surfaced on Twitter on Monday, the leaked data also includes the personal information on several politicians and journalists. The bot that served the information appears to have been blocked, and government officials are reportedly looking into reports of the leaked information.
A report by Malayala Manorama on Monday states that the personal details uploaded by users to the CoWIN portal for access to COVID-19 vaccination shots were available on Telegram via an automated bot. Screenshots of the bot in action surfaced online on Twitter earlier on Monday, and the newspaper states it was able in independently verify the claims made on Twitter. The bot appears to have been taken down after the initial reports of the data breach and Gadgets 360 was unable to test that bot on the messaging platform.
There are several Opposition leaders which include:
— Saket Gokhale (@SaketGokhale) June 12, 2023
1. Rajya Sabha MP & TMC Leader Derek O'Brien
2. Former Union Minister P. Chidambaram
3. Congress leaders Jairam Ramesh & K.C. Venugopal@derekobrienmp @PChidambaram_IN @Jairam_Ramesh @kcvenugopalmp
(2/7) pic.twitter.com/JnD5EKhPBO
Users could input a mobile number and the bot would respond with personal information connected with the phone number such as their name, gender, date of birth, the vaccination centre, as well as details of the official ID provided by the vaccine recipient, such as their Aadhaar or passport number, according to the report, which states that entering the recipient's Aadhaar number would allow the bot to display the same details.
It is worth noting that until now, users would be able to access these details on the government's CoWIN portal after entering an OTP. However, the bot reportedly allowed access to this information with just the recipient's phone number. Trinamool Congress National Spokesperson Saket Gokhale tweeted several screenshots of the personal details of various politicians and journalists found using the Telegram bot.
In January 2021, National Health Authority CEO RS Sharma tweeted "#CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens on CoWIN is absolutely #safe and #secure. Any news about data leaks from CoWIN holds no merit."
#CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens on CoWIN is absolutely #safe and #secure. Any news about data leaks from CoWIN holds no merit.
— Dr. RS Sharma (@rssharma3) January 21, 2022
Meanwhile, NDTV reported that government officials are probing the source of the alleged leak of personal information via the Telegram bot. "The government is investigating whether the data was sourced through CoWIN or some other application," official sources told NDTV.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.