Major data breach as personal data from CoWIN gets leaked on Telegram
Telegram bot would give personal details of people if their registered number was entered.
A report has emerged which says that personal details of people who registered on the platform which was facilitated by the government to book appointments to get Covid-19 jabs were leaked on Telegram.
The report says that on entering a registered mobile number on Telegram, the bot would give the personal details of the person whose number was entered. The personal details included the Aadhar card, PAN card, Passport details, Voter ID, etc.
“It is old data, we are still verifying it; we have sought a report regarding the same”, ANI quoted the person familiar with the development in Ministry of Electronics and Information Technology.
The bot is also giving details of individuals and several Opposition leaders’ data including — Rajya Sabha MP and TMC Leader Derek O’Brien, former Union Minister P. Chidambaram, Congress leaders Jairam Ramesh, Deputy Chairman Rajya Sabha Haribansh Narayan Singh, Rajya Sabha MPs Sushmita Dev, Abhishek Manu Singhvi, and Sanjay Raut, among others. Notably, Union Health Ministry secretary, Rajesh Bhushan, is also a victim of the data breach.
The bot was blocked as soon as the report emerged.
The CoWIN portal opens to a user after they enter the one-time password or OTP it sends to their phone number. This is the system that is bypassed by the Telegram bot.
The CoWIN platform was launched during the 2020 COVID-19 outbreak to help people book their vaccine appointments online.
