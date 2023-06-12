with inputs from Vallari Sanzgiri On June 11, the Fourth broke the news that a Telegram bot was leaking information about people who had received COVID-19 vaccination. The bot allowed one to simply enter someone’s phone number and receive details like the person’s Aadhar number, vaccination status, gender, and date of birth. Besides vaccination details, the bot was also revealing other private information such as Voter IDs, passport numbers, and details of family members. The leak is reported to be a result of the CoWIN portal where people’s vaccination details had been registered. The bot was reported to Telegram and has now been deactivated. Why it matters: Such a leak of private information reveals the presence of major vulnerabilities in India’s health data infrastructure - making a large population of the country (those who vaccinated themselves against COVID-19) susceptible to scams and identity theft. What did the data leak reveal? The bot allowed people to find information about many members of the parliament, including the chairperson of CoWIN (and also a key player in the development of Aadhaar), Ram Sewak Sharma. It is worth noting that Sharma didn’t use his Aadhaar card during the vaccination process. This was because his Aadhaar number had been used by someone else to get vaccinated, which creates doubts about the safety of Aadhaar numbers (Context: In 2021, Sharma had challenged Twitter user @kingslyj to show him how making his Aadhaar number public could be harmful). Ram Sewak Sarma, chairman of CoWin high power panel, didn't give his pet…

