Jio in Danger Database Got Hacked.

Reliance Jio consumer data has been posted online by a website named magicapk.com. While the site is now offline, Reliance Jio has said a probe is on into the incident and assured users that the data leaked and posted online was “unauthentic”. However as Fonearena.com, which first reported the breach, and indianexpress.com have seen, the data on the website did give back accurate results for name, number, emails, activation date, circle. But we could not see the Aadhaar data for our number.

Also Read:'Petya' Ransomware CyberAttack.

Reliance Jio’s user data was posted on a website called magicapk.com. The website has been suspended, but those who’ve checked out the data found that email id, first name, last name, Reliance Jio mobile number, activation date for the SIM along with the activation circle did match accurately for a lot of numbers. In some cases, Aadhaar number was also available online. However, we didn’t see the Aadhaar number for the data that we explored on the website.

The data breach is a serious because Reliance Jio has 120 million active subscribers in India, and this could well be India’s biggest data breach ever. What is not confirmed is whether all of the data was compromised or only parts of it, as a lot of queries on the site returned blank results. The other issue with such data leaks is that in case of Jio, many of the activations for the service are done via Aadhaar. If Aadhaar data is leaked that is even more cause for worry.Activists and NGOs have cried themselves hoarse over the risks associated with Aadhaar, the government's identity number programme, but few realise the smartphones are a far bigger risk.

The data that was saved on the magicapk.com servers was searchable by a very simple and basic user interface. It required people to input the Jio number in the search field, which then returned with the user details if available. If user details were not available, the result page would show empty text fields in front of categories like number, email id and Aadhaar etc.The leaked Jio data contained the emails ids, phone number, full names etc for the user data. It doesn't look like that Aadhaar number was leaked even though many Jio numbers were issued after the Aadhaar verification.

The leaked data is no longer available on the magicapk.com. The website has gone down, either taken offline by the website host or probably it has run out of bandwidth. But the data is also apparently on sale in dark web forums frequented by hackers and cyber criminals. Interestingly people who are selling the data aren't calling it Jio data. They only say that the data contains details of 120 million users of a big telecom firm in India. They also say that the data has details like the incoming and outgoing call records.

Jio has denied that its user data has leaked. This is rather strange because Jio data does seem to be out in the public. A Jio spokesperson has said: "We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken."

If you are a Jio users from the early days of the launch of the service, chances are that your data has been leaked. But if you have taken a Jio connection in the last few months, it is possible that your data has not been leaked, or at least is not part of the data dump that was posted on magicapk.com.

What all has leaked? As noted earlier, it doesn't look like your Aadhaar details have leaked through the Jio data leak. But of the particular concern is the leak of the email ID, which nowadays is a sort of key to people's digital lives. The number too has been leaked, along with the full name.

What's next for Jio users? Again it is not specific to Jio users. But to almost everyone in India. There is very little Indian phone and web users can do right now about their privacy, particularly in light of Aadhaar which is nowadays linked to almost everything and has now become mandatory for even SIM cards. The only way there can be some respite for Indian users when it comes to privacy is if the government comes out with watertight laws on privacy and data protection. But so far government has shown no inclination to do something like this.