A week after Facebook pumped $5.7 billion in Reliance Jio for 10%, the Indian telecom has run into a database exposure incident. Earlier today, a security researcher named Anurag Sen has identified and informed TechCrunch about the unprotected database related to Jio, which is having millions of user-generated self-test data regarding Coronavirus. While there’s no trace of being breached by anyone yet, Jio immediately pulled down the system hosting database as a precaution.

Jio Exposes User Data
Jio Exposes User Data

Millions of User-Generated Data At Stake

The rapid spreading of Novel Coronavirus has led many tech companies to come forward and contribute in their part. One such play is by Jio, led by India’s wealthiest man Mukesh Ambani and his firm, Reliance. Jio is India’s largest telecom service with over 370+ million followers; it’s a new feature for checking COVID-19 symptoms that were visited by millions since its launch. And the database of this information was just left online without any password!

A redacted part of exposed data
A redacted part of exposed data

Anurag Sen, a security researcher who found the database first, has informed TechCrunch to be notified to Jio. And when TechCrunch did check and told, Jio pulled down the system that’s hosting the database. The feature, COVID-19 symptom checker, is a limited tool accessible through the web browser and in Jio’s app. Users can answer simple questions about their recent activity to know the potential exposure to any Coronavirus patients.

The database, which is user-generated self-test data, also includes a portion of data relating to the user device’s OS, browser version, and exact geo-location, if provided by the user. Apart from these, there’s personally identifiable information by those who’ve logged via the app. Upon informing Jio spokesperson, Tushar Pania said the logging server was meant to monitor the performance of their website.

While there’s no data breach or abuse detected by anyone till now, it’s suggested to clear that site cookies to avoid being caught by browser info. Further, there symptom checker page also has the information from health authorities, daily statistics, nearby test centers list, and helpline to aid citizens about information regarding the virus.

Via: TechCrunch


Please enter your comment!
Please enter your name here