Read on Twitter
💣💣 The inevitable has happened. #CoWINDataLeak reported by @thefourthlive @ManoramaDaily is a largest #DigitalPublicInfrastructure disaster.
Thread on some impacts.
Thread on some impacts.
https://twitter.com/Jikkuvarghese/status/1668080933969498112
1. What happened? What data points are exposed?
A : A telegram bot allows to query - what possibly appears entire #CoWIN database by mobile number / #Aadhaar & returns vaccination details if exists.
Name, Mobile, Gender, ID Proof used (Aadhaar/Passport), Vax centre address
A : A telegram bot allows to query - what possibly appears entire #CoWIN database by mobile number / #Aadhaar & returns vaccination details if exists.
Name, Mobile, Gender, ID Proof used (Aadhaar/Passport), Vax centre address
If a single number of used for entire family, it returns all members who used the same number.
RS Sharma, Meenakshi Lekhi, KC Venugopal are some of whose data was available.
RS Sharma, Meenakshi Lekhi, KC Venugopal are some of whose data was available.
https://twitter.com/b_sreejan/status/1668068417239396352
2. What is the size of this data leak?
A: While people were able to query anyone they knew and get details, It is unclear how much data has leaked.
I tried searching for #JusticeForSrimathi in the database and a record exists. Vaccination for minors started in Jan 2022
A: While people were able to query anyone they knew and get details, It is unclear how much data has leaked.
I tried searching for #JusticeForSrimathi in the database and a record exists. Vaccination for minors started in Jan 2022
We crossed billion jabs by late 2021 and this means at the very least billion records were exposed. #CoWINDataLeak is thus largest data leak in Indian history - surpassing #AadhaarLeaks which were at ~ 200 million
As with anything enabled by #Aadhaar - fraud in #CoWIN vaccination is also widespread - While a lot of people complained, sufficient reportage around misuse of SIM / Aadhaar in vaccination and how unknown person's vaccination certificate were SMS'd to people. We now have evidence
I used #UID of Hanuman and Pakistani Spy Mehaboob - both of which are disabled after 2016 reportage. The results are interesting.
scroll.in/article/820536…
scroll.in/article/820536…
Mehaboob - Pakistani spy - whose UID was deactivated in 2016 got 5 (or more) vaccinations.
Hanuman too got 5 (or more) vaccinations.
What this exposes - is how much of the 2 billion doses were fraudulent. The vaccine manufacturers were paid for these #CoWIN is multi Crore #SCAM
Hanuman too got 5 (or more) vaccinations.
What this exposes - is how much of the 2 billion doses were fraudulent. The vaccine manufacturers were paid for these #CoWIN is multi Crore #SCAM
#CoWIN has now proven to be biggest #DigitalPublicInfrastructure disaster - which we seem to be advocating to world.
https://twitter.com/PMOIndia/status/1667059358407200768
Given that a large number of people's date of birth is now exposed - financial regulators like @RBI, @SEBI_India @irdaindia must issue guidelines to banks, mutual funds - to avoid any sensitive operation using date of birth to prevent fraudsters exploiting common man.
There were warnings in 2021 - it was vehimently denied - The current #CoWINDataLeak contains data until atleast early 2022.
Will @rssharma3 @UNDP_India @NandanNilekani @eGovFoundation take any accountability for the leak and risking billion people?
Will @rssharma3 @UNDP_India @NandanNilekani @eGovFoundation take any accountability for the leak and risking billion people?
While its important to seek accountabiliy - we must understand this is largest #DigitalPublicInfrastructure disaster. All those evangalising #DPI - never wrote about disaster response.
Keep a close tab on ALL your bank accounts / insurance policies - now date of birth is public.
Keep a close tab on ALL your bank accounts / insurance policies - now date of birth is public.
Password reset for any of these is one step faster for fraudster now that your date of birth is available. Never share an OTP always - but for every account you have - try password reset flow to ensure it can't be taken over.
Digital disasters are social privilege agnostic.
https://twitter.com/SaketGokhale/status/1668104757704269824
thenewsminute.com/article/major-…
@KTRBRS, @KanimozhiDMK, @annamalai_k and @KartiPC who confirmed that their details were authentic. #CoWINDataLeak #DigitalPublicInfrastructure disaster
@KTRBRS, @KanimozhiDMK, @annamalai_k and @KartiPC who confirmed that their details were authentic. #CoWINDataLeak #DigitalPublicInfrastructure disaster
Remember the open challenge by RS Sharma to @kingslyj exposing his UID?
Well his own #Aadhaar was used in Khliehriat CHC by someone in #CoWIN - a platform he headed.
This must tell his security credentials
#CoWINDataLeak #DigitalPublicInfrastructure disaster #DPISummit
Well his own #Aadhaar was used in Khliehriat CHC by someone in #CoWIN - a platform he headed.
This must tell his security credentials
#CoWINDataLeak #DigitalPublicInfrastructure disaster #DPISummit
the ‘digital-first’ vaccination drive essentially enabled centralized data collection by the government fully ignoring privacy concerns which other countries gave due importance to, providing paper based vaccination certificates.
thequint.com/fit/cowin-data… - @garima_sadhwani
thequint.com/fit/cowin-data… - @garima_sadhwani
Reminder that - @internetfreedom @no2uid and several others made a joint call - advocating data-light vaccination - which the government did not listen to.
internetfreedom.in/sign-on-and-su…
internetfreedom.in/sign-on-and-su…
. @thefourthlive which originally broke the #CoWINDataLeak yesterday, shows how coriander got vaccinated as well. #DPIDisaster
Some sense prevails. Thanks @RBI
https://twitter.com/SouthAsiaIndex/status/1668187971516809217
Usually, hackers reveal a slice of data publicly via a bot or web page to prove to the world they have said data and then sell it on the dark web. While the bot is down now, we don't know where all the data is being traded. wired.com/story/a-massiv… #DPIDisaster #CoWINDataLeak
Cybersecurity firm @cloudsek (which also works with Meity on several projects) - put out an 'independent' report - cloudsek.com/threatintellig…
They self-contradict in their statement. Ether they do not have access/data OR have scraped data.
They self-contradict in their statement. Ether they do not have access/data OR have scraped data.
Whoever in government is saying only year of birth was collected is lying. - The following are pieces of data a vaccinator feeds into CoWIN during vaccination - even if you didn't book online appointment. diffchecker.com/qecNUrYL/
https://twitter.com/kingslyj/status/1668161720123109377
What people ostensibly 'consented'. From messages on CoWIN vaccinator page.
How much was spent to collect and leak this data? $4.62 M --
https://twitter.com/logic/status/1556932622445858816
What was the original stated purpose of #CoWIN ?
Adverse Events Following Immunisation or #AEFI monitoring.
How well did we achieve that? #CoWinDataLeak
Adverse Events Following Immunisation or #AEFI monitoring.
How well did we achieve that? #CoWinDataLeak
https://twitter.com/logic/status/1455841184228659207
What did the 'donors' and 'funders' think of the #CoWIN project?
Funding this data collection project is addressing gender issue - and there are no risks of any kind identified.
@UNDP_India shame on you info.undp.org/docs/pdc/Docum…
Funding this data collection project is addressing gender issue - and there are no risks of any kind identified.
@UNDP_India shame on you info.undp.org/docs/pdc/Docum…
undp.org/india/projects… - Winning Over COVID (CoWIN) - @UNDP_India - didn't age well too!
Actually - scratch the $4 M. Its actually $6.6 M spent for #CoWINDataLeak
Rumored breach of India’s vaccination data portal threatens to undermine DPI influence biometricupdate.com/202306/rumored… via @BiometricUpdate
#DPIDisaster #CoWINDataLeak is biggest #DigitalPublicInfrastructure disaster sponsored by billionaires
#DPIDisaster #CoWINDataLeak is biggest #DigitalPublicInfrastructure disaster sponsored by billionaires
Take sometime to laugh even during #DPIDisaster
https://twitter.com/logic/status/1668532194795569153
#CoWinDataLeak & case of #Aadhaar ‘infidelity’ by Ram Sewak Sharma theraisinahills.com/data-breach-ca…
More laugh lines, this time from perplexed @INCIndia on @rssharma3 'Infidelity'.
More laugh lines, this time from perplexed @INCIndia on @rssharma3 'Infidelity'.
Guess who profited the most? The leaker / collector?
$956K was how much @eGovFoundation got for strengthening #CoWIN - This is bigger scam than @13footwall #CoWINDataLeak
$956K was how much @eGovFoundation got for strengthening #CoWIN - This is bigger scam than @13footwall #CoWINDataLeak
The average startup gives you cashback as a bait and collects data - The philanthropist also plays the same game at different pitch no?
• • •
Missing some Tweet in this thread? You can try to
force a refresh
