Latest


Hackers don't have access to entire CoWIN portal or database: Researchers

  •   Tue, Jun 13 2023 11:01:03 AM

New Delhi, Jun 13 (IANS): Cyber-security researchers on Tuesday said that hackers do not have access to the entire CoWIN portal nor the backend database, after a Telegram bot leaked Indians' data.

Based on matching fields from Telegram data and previously reported incidents affecting health workers, the team from cyber-security company CloudSEK said that the information was scraped through these compromised credentials and the claims need to be verified individually.

CloudSEK's contextual AI digital risk platform XVigil discovered a threat actor advertising a Telegram bot that offered personally identifiable information (PII) data of Indian citizens who had allegedly registered vaccines from the CoWIN portal.

"It is believed that the threat actors have obtained multiple credentials belonging to health workers, which they can use to access the CoWIN portal and its associated data," according to researchers.

On March 13, 2022, a threat actor on a Russian cybercrime forum advertised compromised access to the CoWIN portal, sharing a screenshot of the CoWIN database portal affecting the Tamil Nadu region.

"There are numerous healthcare worker credentials available on the Dark Web for the CoWIN portal, highlighting the need for better endpoint security measures for healthcare workers," the team highlighted.

The Union Ministry of Health and Family Welfare (MoHFW) on Monday dubbed the alleged data breach of Covid-19 vaccine beneficiaries as "mischievous in nature", saying that the CoWIN portal is completely safe with adequate safeguards for data privacy.

The Ministry also said that it has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report, besides initiating an internal exercise to review the existing security measures of CoWIN.

According to cyber-security researchers, the Covid data bot was offered by a channel called 'hak4learn', which frequently shared hacking tutorials, resources, and bots for individuals to access and buy.

Initially, the bot was available for everyone to use, but it was later upgraded to be exclusive to subscribers.

"The bot is currently down and might come up later as mentioned by the admin of the channel," said CloudSEK.

Union Minister of State for Electronics and IT, Rajeev Chandrasekhar had said that it does not appear that the CoWIN app or database has been directly breached.

 
  

Top Stories

Manipal Arogya Card marks 25 years, enrollment begins

  •   15 hours ago   

Leave a Comment

Title: Hackers don't have access to entire CoWIN portal or database: Researchers



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.

You might also like