CoWIN Web Portal hacked, User data put on sale on the DarkWeb
Only a few weeks after hackers breached India's premier government hospital, AIIMS Delhi, they have moved on to the Indian government's web portal for COVID-19 vaccination, CoWIN.gov.in, selling sensitive information to the highest bidder on the Dark Web.
Screen grab of the Hackers post, selling user data from CoWIN.gov.in
The potential threat actor has claimed to have access to the CoWIN portal database in a post on a well-known hacker forum. The evidence provided by the hacker consists of screen captures of the portal's administrative interface, which display sensitive information such as patient IDs, sample IDs, secretariat names, citizen names, mobile numbers, and result dates. Information on vaccination clinics, administrators, and providers is included, among other things.
Excel sheet of 100 users with Patient ID and Phone numbers shared as proof by the Hacker
The data breach appears to have occurred at the Andhra Pradesh node of CoWIN, according to the images released by the hacker. The hacker has provided an Excel sheet with the phone numbers of 100 CoWIN users from different districts of Andhra Pradesh as evidence that the data belongs to the organisation.
Another post by the same hacker claiming to have over 5 Lakh user data from CoWIN.ap.gov.in
In one post, the hacker says he has access to the data of 5,000 users; in another, he says he has access to the data of over 500,000 accounts. The data's veracity has not been established as of yet. Additionally, it appears the hacker only gained access to one of the administrators accounts of the Andra Pradesh CoWIN portal, and not the system itself.
The hacker has not yet set a price for the information but has provided his Telegram id to continue negotiations.
Screen grab of the Hackers post, selling user data from CoWIN.gov.in
The potential threat actor has claimed to have access to the CoWIN portal database in a post on a well-known hacker forum. The evidence provided by the hacker consists of screen captures of the portal's administrative interface, which display sensitive information such as patient IDs, sample IDs, secretariat names, citizen names, mobile numbers, and result dates. Information on vaccination clinics, administrators, and providers is included, among other things.
Excel sheet of 100 users with Patient ID and Phone numbers shared as proof by the Hacker
The data breach appears to have occurred at the Andhra Pradesh node of CoWIN, according to the images released by the hacker. The hacker has provided an Excel sheet with the phone numbers of 100 CoWIN users from different districts of Andhra Pradesh as evidence that the data belongs to the organisation.
Another post by the same hacker claiming to have over 5 Lakh user data from CoWIN.ap.gov.in
In one post, the hacker says he has access to the data of 5,000 users; in another, he says he has access to the data of over 500,000 accounts. The data's veracity has not been established as of yet. Additionally, it appears the hacker only gained access to one of the administrators accounts of the Andra Pradesh CoWIN portal, and not the system itself.
The hacker has not yet set a price for the information but has provided his Telegram id to continue negotiations.