According to analysts, following the reported data breach on the Co-WIN portal, it has been determined that the hackers do not possess complete access to either the entire Co-WIN portal or the backend database.
The hacker was found to be divulging personal details, including mobile numbers and Aadhar numbers, of individuals who had registered on the Co-WIN portal for their vaccination.
Based on research findings, a cybersecurity firm detected a threat actor promoting a Telegram bot that claimed to provide personally identifiable information (PII) of Indian citizens. Researchers believe that these threat actors may have acquired various credentials linked to healthcare workers, potentially enabling them to access the CoWIN portal and its related data.
Based on research findings, a cybersecurity firm detected a threat actor promoting a Telegram bot that claimed to provide personally identifiable information (PII) of Indian citizens. Researchers believe that these threat actors may have acquired various credentials linked to healthcare workers, potentially enabling them to access the Co-WIN portal and its related data.
The Ministry additionally mentioned that they have requested the Indian Computer Emergency Response Team (CERT-In) to investigate the matter and provide a report. They have also initiated an internal assessment to evaluate the current security measures of Co-WIN. According to their statement, data can only be accessed through OTP, making it impossible to obtain the personal details of vaccination beneficiaries.
In its preliminary report, CERT-In stated that the backend database of the Telegram bot did not directly access the APIs of the Co-WIN database.
Addressing the data leak, Rajeev Chandrasekhar, the Union Minister of State for Electronics and IT, commented that there seems to be no direct breach of the Co-WIN app or database.
The team emphasized that multiple healthcare worker credentials for the Co-WIN portal are readily available on the Dark Web, underscoring the importance of enhancing endpoint security measures for healthcare workers. They suggested that the compromised credentials of healthcare workers might have been utilized to access personal data. However, to validate these assertions, the team would need to individually examine each claim.
Researchers have revealed that the Covid data bot was provided by a channel named 'hak4learn', which regularly shared hacking tutorials, resources, and bots for users to access and purchase. Nevertheless, the true origin of the Telegram bot remains undisclosed.
In the beginning, the bot was accessible to everyone, but it was subsequently enhanced to cater exclusively to subscribers. The admin of the channel stated that the bot is currently inactive but may be reinstated at a later time.
The team has presented recommendations to enhance the security of the Co-Win website. The researchers propose implementing a 2-Factor Authentication (2FA) system for the portal. Additionally, they advise monitoring cybercrime forums to stay updated on the latest tactics employed by threat actors.