Jio probing data breach claims
Reliance Jio is investigating whether personal data of over 100 million of its customers had leaked onto a website, in what analysts said could be the first ever large-scale breach at an Indian telecom operator.
Jio said that the data on the website, “Magicapk.com”, appeared to be “unauthentic” and that its subscriber data was safe and maintained with the highest security.
But people complained on Twitter about personal information of Jio users being publicly available on Magicapk.com, and some Indian media said that their checks had led them to believe the leak was real. Jio declined to comment on media reports.
“We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken,” a Jio spokeswoman said.
The said it was able to cross-verify details on a number of Jio customers known to them. “Indianex- press.com checked with some Jio numbers and found that details of numbers bought as late as last week are up on the site. However, it was not clear if all the numbers are available on the site, as a lot of queries were throwing a blank,” the newspaper reported.
Magicapk.com is showing as “suspended” since late on Sunday. Rony Das, a security analyst with Defencely, an online security firm, described the likely data breach as “dangerous”.
Local tech website MediaNama said that Aadhaar information on the website had been redacted. It also said it had independently verified data on the website for multiple Jio numbers, and that the data was accurate for those numbers.
Srinivas Kodali, an independent security researcher, said it was tough to assess the scale of the alleged breach until “Jio releases a statement saying what went wrong, and how they’re fixing it.”