LATEST NEWS French Open : Maja Chwalinska beat Anna Kalinskaya to reach maiden Major semi-finals Sukhvinder Singh Sukhu congratulates D.K. Shivakumar on taking oath as Karnataka Chief Minister Media plays a vital role in educating society and promoting positive changes says Kavinder Gupta Nayab Singh Saini’s ‘Go Global’ Approach Gets a New Boost From Women’s Development to Women-Led Development- Modi Government Ushers in a New Era of Governance says Nayab Singh Saini Two Linked Cross-Border Drugs And Arms Smuggling Module Held With 2.2kg Heroin, 6 Pistols Dr. Virendra Kumar Unveils Booklet Showcasing Success Stories of Entrepreneurs Empowered Through Venture Capital Fund and ASIIM Rohit Thakur reviews progress of key education reforms CM Omar Abdullah flags off Cyclothon on World Bicycle Day Kewal Singh Dhillon Takes Charge, BJP Adopts ‘Punjab of Maharaja Ranjit Singh’ as Its Ideal CS Atal Dulloo reviews preparedness for rollout of VB-G RAM G across J&K Why a Diamond Bracelet is the Ultimate Gift for a Woman Jayant Chaudhary Launches ‘Navachar Mantra’, a National Initiative for Grassroots Innovators and Entrepreneurs Special Intensive Revision of Electoral Rolls in Haryana After 24 Years; Door-to-Door Verification Drive to Begin from June 15 D.K. Shivakumar sworn in as Karnataka’s 25th CM Far too less, far too late : Amarinder Singh Raja Warring on Rs 1000 aid to women Mandipalli Ram Prasad Reddy Praises VIT-AP University's Efforts in Hosting the 1st Amaravati International FIDE Rating Chess Tournament Haryana to Construct 26 New Government Ayurvedic Dispensaries Across Six Districts at a Cost of Rs. 15.70 Crore Haryana proposes Rs. 100 Crore Green Climate Fund to Tackle Climate Challenges Mallikarjun Kharge, Rahul Gandhi arrive in K’taka for Shivakumar’s swearing-in ECI hosts global meet on tackling election misinformation, digital challenges

Hackers don't have access to entire CoWIN portal or database: Researchers

Study, New Delhi, Research, Researchers, India News, Hackers, CoWIN Portal, Indian Computer Emergency Response Team, ICERT

Web Admin

5 Dariya News

New Delhi , 13 Jun 2023

Last updated on: Jun 13, 2023, 00:00 IST

Cyber-security researchers on Tuesday said that hackers do not have access to the entire CoWIN portal nor the backend database, after a Telegram bot leaked Indians' data.Based on matching fields from Telegram data and previously reported incidents affecting health workers, the team from cyber-security company CloudSEK said that the information was scraped through these compromised credentials and the claims need to be verified individually.

CloudSEK's contextual AI digital risk platform XVigil discovered a threat actor advertising a Telegram bot that offered personally identifiable information (PII) data of Indian citizens who had allegedly registered vaccines from the CoWIN portal.

"It is believed that the threat actors have obtained multiple credentials belonging to health workers, which they can use to access the CoWIN portal and its associated data," according to researchers.

On March 13, 2022, a threat actor on a Russian cybercrime forum advertised compromised access to the CoWIN portal, sharing a screenshot of the CoWIN database portal affecting the Tamil Nadu region.

"There are numerous healthcare worker credentials available on the Dark Web for the CoWIN portal, highlighting the need for better endpoint security measures for healthcare workers," the team highlighted.

The Union Ministry of Health and Family Welfare (MoHFW) on Monday dubbed the alleged data breach of Covid-19 vaccine beneficiaries as "mischievous in nature", saying that the CoWIN portal is completely safe with adequate safeguards for data privacy.

The Ministry also said that it has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report, besides initiating an internal exercise to review the existing security measures of CoWIN.

According to cyber-security researchers, the Covid data bot was offered by a channel called 'hak4learn', which frequently shared hacking tutorials, resources, and bots for individuals to access and buy.Initially, the bot was available for everyone to use, but it was later upgraded to be exclusive to subscribers.

"The bot is currently down and might come up later as mentioned by the admin of the channel," said CloudSEK.Union Minister of State for Electronics and IT, Rajeev Chandrasekhar had said that it does not appear that the CoWIN app or database has been directly breached.