Health Minister Dr Harsh Vardhan on Thursday dismissed the reports about the Co-WIN platform being hacked, as "fake". Vardhan said the data that was speculated to have been leaked -- such as the geo-location of beneficiaries -- is not even collected on Co-WIN. Vardhan added that "all data on Co-WIN is stored in a secure digital environment and is not shared with anyone outside of it." He said that for "abundant precaution", the matter is being investigated by the Ministry of Electronics and Information Technology (MeitY) response team.
Dr RS Sharma, chairman of the Empowered Group on Vaccine Administration (Co-WIN), also clarified that "our attention has been drawn towards the news circulating on social media about the alleged hacking of the Co-WIN system. In this connection, we wish to state that Co-WIN stores all the vaccination data in a safe and secure digital environment. No Co-WIN data is shared with any entity outside the Co-WIN environment. The data being claimed as having been leaked such as the geo-location of beneficiaries, is not even collected at Co-WIN", according to PTI.
Where did the claim about the Co-WIN breach come from?
Late on Thursday, a website called Dark Leak Market on the DarkWeb posted that the COVID-19 vaccination data of 150 million Indians were up for purchase. The post claimed that the alleged hack revealed user data including name, mobile number, Aadhaar ID, GPS location, state etc. The Dark leak Market website also stated that they weren't the "original leaker" of the data, just the resellers.
On Thursday evening, French security researcher Baptiste Robert aka Elliot Alderson also re-tweeted the post by 'Dark Leak Market', but later deleted it.
The Co-WIN hack claim could be a Bitcoin scam
Hours after the post claiming the alleged Co-WIN hack, security researcher Rajshekhar Rajaharia revealed in a Twitter post that the portal was not hacked, and the claim was actually a "Bitcoin scam".
Rajaharia said "this market is frequently posting fake data leaks and scamming people. They are just taking Bitcoin for nothing. Data Sample also not available anywhere."
Rajaharia also pointed out that the hackers were demanding a fee to buy the sample data and revealed no evidence to prove the hack.
The hackers were selling the "sample data" for $180.