How safe is CoWin?

Chennai: The CoWin system used for registering people for Covid-19 vaccination is completely secure and reports of the system being hacked ‘appear to be fake’, the government has said.

Nonetheless, the matter will be investigated by the Computer Emergency Response Team, known as the government’s best counter-hacking group under the Ministry of Electronics and Information Technology (MietY).

On Thursday, Data Leak Market was selling a database of Covid-19 vaccination in India for $800. The date included vaccination data of 150 million people including name, Aadhaar number, and location. “We are not the original leaker of data. We are the reseller,” the website read.

The data leak allegedly happened on the CoWin portal, which is used by users and government for vaccination.

However, the Health Ministry and security researchers have ruled out the possibility of such a hack.

“Our attention has been drawn towards the news circulating on social media about the alleged hacking of Co-Win system. In this connection we wish to state that Co-Win stores all the vaccination data in a safe and secure digital environment. No Co-Win data is shared with any entity outside the Co-Win environment. The data being claimed as having been leaked such as geo-location of beneficiaries, is not even collected at Co-Win. The news prima facie appears to be fake. However, we have asked the Computer Emergency Response Team of MeitY to investigate the issue,” RS Sharma, who heads the Co-Win portal, said in a statement.

“There have been some unfounded media reports of the CoWIN platform being hacked. Prima facie, these reports appear to be fake. However, the Union Health Ministry and the Empowered Group on Vaccine Administration (EGVAC) arc getting the matter investigated by the Computer Emergency Response Team of Ministry of Electronics and Information Technology (MielY),” the Ministry said in an official statement.

In May, the Union Ministry had defended CoWin, saying that it cannot be hacked after it faced criticism about the vulnerability of the CoWIN platform, delay in getting vaccination slots and a digital divide that benefits a selected few.

In a press statement titled “Busting myths of vaccination,” the Health Ministry said CoWin cannot be hacked and its features of OTP (one time password) and captcha cannot be bypassed.

 

Balasubramani Muniyandi