National Health Authority CEO RS Sharma (File Image)
Two days after the government launched an investigation into the alleged claims that the vaccination data of 150 million Indians were breached, Co-WIN chief RS Sharma said that the claims were baseless.
On June 12, the health ministry said in the statement that the matter of Co-WIN hacking has been investigated by the Computer Emergency Response Team under the Ministry of Electronics and Information Technology (MeitY).
Infosys automating integration between own platform, CoWIN to ease vaccination process for staff
Sharma, chairman, Empowered Group on Vaccine Administration, said in a statement on June 12, “The claims of so-called hackers on the dark web relating to the alleged hacking of Co-WIN system and data leak are baseless. We continue to take appropriate steps as are necessary, from time to time, to ensure that the data of the people are safe with Co-WIN.”
On June 10, Data Leak Market, a website in the dark web that reportedly sells leaked documents, was selling a database of COVID-19 vaccination in India for $800. The database included vaccination data of 150 million people including name, Aadhaar number, and location. “We are not the original leaker of data. We are the reseller,” the website read.
The data leak allegedly happened on the CoWin portal, which is used by users and government for vaccination.
However, the health ministry and security researchers have ruled out the possibility of such a hack. Rajshekhar Rajaharia, an independent security researcher, also said that Co-WIN portal was not hacked. “Some fake Dark Leak Market is claiming to sell data of 150 million COVID-19 Vaccinated People of India. It's completely fake and a Bitcoin scam.”
He further explained that the website has been posting leaked documents, which are fake. The reportedly leaked documents the site posted include SBI YONO, which was never hacked, he pointed out. It was also selling Mobikwik user data, which Rajaharia said, are not available on the dark web.
“This market is frequently posting fake data leaks and scamming people. They are just taking Bitcoin for nothing. Data Sample also not available anywhere,” he added.
Later, the French security researcher Bapiste Robert who had tweeted the data leak tweet, deleted it.