India probes medical info ‘leak’ to Telegram

From theregister.com

ASIA IN BRIEF India’s government has denied its Co-WIN COVID-19 vaccination management platform has leaked data, but ordered an investigation into the program’s security.

The matter erupted on Monday when political activist Saket Gokhale shared what he said were images depicting personal data from Co-WIN, and describing prominent Indian figures, on an un-named Telegram channel.

Gokhale, who is aligned with India’s opposition parties, claimed the platform had leaked and tried to pin that failure on the national government. If he’s right it’s a colossal scandal, because over a billion Indian citizens are thought to have used Co-WIN.

India’s tech minister Rajeev Chandrasekhar confirmed “A Telegram Bot was throwing up Co-WIN app details upon entry of phone numbers,” but claimed the data came from a previous breach unrelated to Co-WIN.

India’s Ministry of Health and Family Welfare later denied any breach, writing “It is clarified that all such reports are without any basis and mischievous in nature.”

The Ministry also pointed out that Co-WIN is well-secured, that its APIs that could conceivably share data to Telegram require one-time passwords and that such logins are recorded.

Read more…