Hackers Selling Access To CoWin Portal in The Dark Web

CoWin Indian's digital platform seems to be in Hacker's hands. Hackers Selling Access To CoWin Portal in a popular Underground forum. 

CoWin is a digital platform used by the Indian Government to support its mass vaccination program. The platform provides services such as online registration, appointment scheduling & vaccine coverage tracking. CoWin also facilitates healthcare service providers in managing vaccine stock and administering the vaccines to eligible citizens at approved sites.

On December 8, an unknown Hacker claimed to have hacked the CoWin Portal, gained access to the admin portal, and owned the database. 

The Hacker Claims he has access to 5K employee records and can edit and delete the records. They also posted some sample data and screenshots, which seem legitimate data.

The Breached data contains the Full Name, phone number, address and PIN code. 

Here are some of the photos posted on the Dark web forum

Phone Numbers, Addresses are blurred for privacy reasons.

Conclusion

Since the data is of Internal Employees of CoWin, we cannot verify that the breach is confirmed; and that the Hacker did not disclose any vulnerability yet, the breach seems real. We will update this article if we find additional information.