Home News and Updates Reliance Jio Data Leak: Database storing COVID-19 Symptom Checker result found unprotected!

Reliance Jio Data Leak: Database storing COVID-19 Symptom Checker result found unprotected!

by John Bhatt

Reliance Jio Data Leak is once again in news. Reliance Jio has integrated COVID-19 Symptom checker tool in their application and invited users to try as being one of the largest Telecom operators.

Reliance Jio Data Leak: What is the case?

As per report published on TechCrunch, security researcher Anurag Sen (@hak1mlukha) has found and informed about the security lapse on Reliance Jio server which left millions of records exposed on internet.

Reliance Jio has been asking their users to take COVID-19 Symptom Checker, which is integrated in MyJio application, all the data submitted by users using this tool is stored in a database with is left without any password.

Hence anyone who wish could access the database and have misused the data.

What was stored in the Database?

The database contains millions of logs and records starting April 17 through to the time that the database was pulled offline. Although the server contained a running log of website errors and other system messages, it also ingested vast numbers of user-generated self-test data. Each self-test was logged in the database and included a record of who took the test — such as “self” or a relative, their age, and their gender.

TechCrunch Post.

Following data is stored in that database which is responsible for this Reliance Jio Data Leak.

  • User generated Self-Test data. (Response of Test Question)
  • Who took the test?
  • What is the age & gender?
  • What is browser agent (also contains Operating System version & Browser version details)?
  • What is the location of user? (in some case Precise location else nearest city)
Reliance Jio Data Leak - Screenshot from TechCrunch
Reliance Jio Data Leak – Screenshot from TechCrunch

What is current status of Reliance Jio Data Leak problem?

Reliance Jio has taken database offline immediately once reported. However, they are yet to issue any public notice or explanation of what went wrong. For now, the data has been secured as it is offline but before going offline, data remained online unprotected for more than 2 weeks. It is unknown yet whether it has been accessed by someone for misuse.

All this coming soon after Reliance & Facebook deal is bit worrying. As Facebook has been earlier involved in data leak & selling cases and have faced major criticism for selling data during election times. Users are cautioning Jio to be more careful.

0 comment

Related Articles

Leave a Reply