On Thursday, news of CoWIN being hacked spread like wildfire all over social media. The source of this information was a post on a site called Data Leak Market – a well-known marketplace for data vendors on the Dark web.
The post claimed that the hackers had vaccination data of over 150 million individuals and the details included name, Aadhar number and location.
The site immediately went offline and given how several data dumps on the same forum in the past (Mobikwik, Dominos and Air India) had turned out to be true, everyone was alarmed.
But turns out, it was just a hoax. Or at least the government and cybersecurity researchers believe so.
“We have come across some media reports about the CoWIN platform being hacked. These reports appear to be fake prima facie,” read a statement by the Union health ministry.
The matter is however under investigation by the Computer Emergency Response Team of the Ministry of Electronics and Information Technology (MietY) and the Empowered Group on Vaccine Administration (EGVAC).
“We have been alerted about the news circulating on social media which claims that the Co-WIN system has been hacked. We wish to state that all the vaccination data has been stored in a safe and secure digital environment,” said RS Sharma, Chairman of CoWIN.
He also added that data being allegedly sold as per the viral Dark web post isn’t even collected by the government.
“CoWIN does not even collect the geo-location of beneficiaries. The news prima facie appears to be fake. However, we have asked the Computer Emergency Response Team of MeitY to investigate the issue,” he added.
Cybersecurity researcher Rajshekhar Rajaharia took to Twitter and said that the post was made by bitcoin scammers.
He even pointed out the fake leak listings and how the website address was being constantly changed
This week, the government s made two major changes to the CoWIN Portal after feedback from users across the country. The new update aims to keep bots out of the CoWIN portal.