The Indian government used its CoWIN portal to disburse Covid vaccines and track dosage in the country. Now, a new report says that the personal information of millions of people who used the government’s CoWIN portal to get vaccinated is freely available online for anyone to access.
According to a report by Malayala Manorama, personal information of all the people who used CoWIN portal to receive Covid-19 vaccine was freely available for anyone to access for a brief period of time on Telegram. The report says that if a Telegram user entered a mobile number within CoWIN’s Telegram channel, the bot would throw up the personal data, submitted on the CoWIN portal or in the CoWIN app. of the person to whom the mobile number belongs to. The personal information that the bot would display includes Aadhaar number, PAN details, passport details, gender, date of birth (DoB) and the places where all the doses for Covid-19 vaccine was administerd to the person.
The bot, as mentioned before provided these details as an instant response to a query on Telegram.
Furthermore, the report says that all of these details could also be accessed if an individual entered the Aadhaar number of a user instead of the phone number. The report also says that the passport details of individuals who entered those details on the government’s CoWIN portal were also leaked online.
What’s more scary, is that the bot on Telegram also leaked details about the family members who registered were under the same phone number on CoWIN app or the CoWIN portal.
It is worth noting that while all of these details are accessible via a one-time-password (OTP) in the CoWIN app for Android and iOS and that the registered users can only access their own details on the platform, they were available freely on Telegram.
As a proof of the bug, Trinamool Congress national spokesperson Saket Gokhale also tweeted the screenshots from Telegram showing personal information of a number of politicians and journalists. You can check the list here:
There are several Opposition leaders which include:
1. Rajya Sabha MP & TMC Leader Derek O’Brien
2. Former Union Minister P. Chidambaram
3. Congress leaders Jairam Ramesh & K.C. Venugopal@derekobrienmp @PChidambaram_IN @Jairam_Ramesh @kcvenugopalmp
— Saket Gokhale (@SaketGokhale) June 12, 2023
How can you safeguard yourself?
Though Techlusive was unable to verify this report independently, the publication, in its report noted that the Telegram bot has been taken down since the report first came out and that it’s not accessible to anyone now.