Cyber security group’s AI analysis supports theory that CoWIN data leak not new

  • The Indian government has denied that there has been a direct breach of its CoWIN database, which was used for COVID vaccination.
  • The data leak, reported on June 12, is from an earlier data breach, says the government.
  • The Union Minister has clarified the situation on Twitter.
The Indian government has swung into action after reports about a data breach from the CoWIN database came to light. The government has said that it “does not appear” that the CoWIN app and database have been “directly breached”. CloudSEK, an AI digital risk management company, has released a report which agrees with the government’s claim that the leak is not new.

Rajeev Chandrasekhar, the union minister of state for the Ministry of Electronics and Information Technology, took to Twitter to clarify the government’s stand on the CoWIN data leak issue.

Data leak from a previous breach?

Chandrasekhar in his tweet mentioned that the data being used by the Telegram bot is from a threat actor database, which is being populated using previously stolen data.

To recall, data of over 20,000 people, including their name, mobile number, Covid-19 test result and their address was reportedly leaked in 2022.

In another instance, data of over 15 crore citizens was reportedly leaked in 2021 and the hackers put the data on sale. The government, however, refuted the claim and said that the CoWIN platform was never hacked.


Interestingly, the government had so far not confirmed a data breach and has only now confirmed that there was a breach in the past, without revealing any information about the extent of the breach or the cause.

API exists to pull data without OTP

The government, in a press release, has said that while there are no public APIs (application programming interfaces) to pull CoWIN data without an OTP, there are APIs that have been shared with third parties such as ICMR and that can pull data from CoWIN with just the phone number, similar to what we have seen on the Telegram bot. The government, however, claims that requests are accepted only from a trusted API.

“There are some APIs which have been shared with third parties such as ICMR for sharing data. It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the Co-WIN application.”

Expert take

CloudSEK, which provides AI digital risk management solutions, has analysed the Telegram bot using XVigil, its AI digital risk platform. As per its analysis, the hacker does not have access to the CoWIN platform or its backend database.

“Based on matching fields from Telegram data and previously reported incidents affecting Healthworker of a region, we assume the information was scraped through these compromised credentials,” CloudSEK said in its report.

According to the company, the data is from a 2022 leak wherein a Russian cybercrime forum offered compromised access to the CoWIN platform for the Tamil Nadu region.

