 "Threat actors don't have access to entire CoWIN portal, database: Report")
After the Union health ministry dismissed reports of a data breach on the CoWIN platform, cyber security firm CloudSEK has said that threat actors do not have access to the entire portal nor the backend database.
"Based on matching fields from Telegram data and previously reported incidents affecting health workers of a region, we assume the information was scraped through these compromised credentials," CloudSEK said in a report on Monday after an independent analysis.
On March 13, a threat actor on a Russian cybercrime forum advertised for compromised access on the CoWIN portal of Tamil Nadu region, it said.
After an analysis, CloudSEK said, it was discovered the breach was that of a health worker and not really of the infrastructure. The content displayed on the screenshot matches with the Telegram bot mentioned in the media as follows -- name of the individual, mobile number, identity proof, identification number and number of doses completed.
"Furthermore, there are numerous healthcare worker credentials accessible on the dark web for the CoWIN portal. However, this issue primarily stems from the inadequate endpoint security measures implemented for healthcare workers, rather than any inherent weaknesses in CoWIN's infrastructure security," the report said.
Asserting that the CoWIN portal was completely safe with adequate safeguards for data privacy, the Union health ministry on Monday dismissed as "mischievous" the claims of a data breach on the platform and said the matter had been reviewed by the country's nodal cyber security agency CERT-In.
In a statement, the ministry also said that an internal exercise had been initiated to review the existing security measures.
"With reference to some alleged CoWIN data breaches reported on social media... the Indian Computer Emergency Response Team (CERT-In) immediately responded and it does not appear that the CoWin app or database has been directly breached," said Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar.
In its statement, the health ministry said there was no basis for the reports alleging the breach of data from the CoWIN portal, a repository of all data of all those who have been vaccinated against COVID-19 in the country.
"It is clarified that all such reports are without any basis and mischievous. The Co-WIN portal of the health ministry is completely safe with adequate safeguards for data privacy," it had said.
CERT-In, in its initial report, has pointed out that the backend database for the Telegram bot was not directly accessing the APIs of the CoWIN database, according to the statement.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app