Re­liance Jio in­ves­ti­gat­ing mass data breach claims

Kuwait Times - - BUSINESS -

MUM­BAI: In­dia’s Re­liance Jio is in­ves­ti­gat­ing whether per­sonal data of over 100 mil­lion of its cus­tomers had leaked onto a web­site, in what an­a­lysts said could be the first ever large-scale breach at an In­dian tele­com op­er­a­tor. Jio, In­dia’s new­est tele­coms en­trant, said that the data on the web­site, “Mag­i­”, ap­peared to be “unau­then­tic” and that its sub­scriber data was safe and main­tained with the high­est se­cu­rity. But peo­ple com­plained on Twit­ter about per­sonal in­for­ma­tion of Jio users be­ing pub­licly avail­able on Mag­i­, and some In­dian me­dia said that their checks had led them to be­lieve the leak was real.

Jio de­clined to com­ment on the In­dian me­dia re­ports. “We have in­formed law en­force­ment agen­cies about the claims of the web­site and will fol­low through to en­sure strict ac­tion is taken,” a Jio spokes­woman said. News­pa­per In­dian Ex­press said it was able to cross-ver­ify de­tails on a num­ber of Jio cus­tomers known to them. “In­di­an­ex­ checked with some Jio num­bers and found that de­tails of num­bers bought as late as last week are up on the site. How­ever, it was not clear if all the num­bers are avail­able on the site, as a lot of queries were throw­ing a blank,” the news­pa­per re­ported. Mag­i­ is show­ing as “sus­pended” since late on Sun­day. Rony Das, a se­cu­rity an­a­lyst with De­fencely, an on­line se­cu­rity firm, de­scribed the likely data breach as “dan­ger­ous”.

Aad­haar at risk

Many users had been reg­is­tered for Re­liance Jio ser­vices by us­ing a 12-digit Unique Iden­ti­fi­ca­tion Author­ity of In­dia (UIDAI) pro­vided num­ber, com­monly known as the ‘Aad­haar’ num­ber. The In­dian gov­ern­ment has be­gun man­dat­ing the use of Aad­haar for ev­ery­thing from open­ing a bank ac­count to fil­ing tax re­turns. The ‘Aad­haar’ num­ber, which works on sim­i­lar lines as US So­cial Se­cu­rity num­bers, is unique to ev­ery In­dian cit­i­zen and it stores bio­met­ric data of users in a cen­tral­ized data­base.

Lo­cal tech web­site Me­di­aNama said that Aad­haar in­for­ma­tion on the web­site had been redacted. It also said it had in­de­pen­dently ver­i­fied data on the web­site for mul­ti­ple Jio num­bers, and that the data was ac­cu­rate for those num­bers. Srini­vas Ko­dali, an in­de­pen­dent se­cu­rity re­searcher, said it was tough to as­sess the scale of the al­leged breach un­til “Jio re­leases a state­ment say­ing what went wrong, and how they’re fix­ing it.”

He said that while the al­leged breach was only re­ported by me­dia late Sun­day, data from the po­ten­tial breach was shared on a mes­sage board fo­rum in June and screen­shots of it were also avail­able on the “dark web”. Jio de­clined to com­ment. Jio, run by Re­liance In­dus­tries Ltd, launched last Septem­ber and has al­ready added over 100 mil­lion sub­scribers.

If the claims of the data breach are true, it would be a big set­back for the In­dian tele­com en­trant’s ag­gres­sive push led by Re­liance Chair­man Mukesh Am­bani. Am­bani, In­dia’s rich­est man, through months of free and cut-price deals has pro­pelled Jio into the na­tion’s fastest grow­ing wire­less op­er­a­tor. It added 3.9 mil­lion sub­scribers to its net­work in April. Shares in Re­liance were up slightly in af­ter­noon trad­ing in In­dia yes­ter­day. —Reuters

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.