Data breach across the globe is a phenomenon that needs to be controlled. Data is readily available to hackers, unless there is strict security measure in place. This year Zomato’s database got leaked with emails and passwords, and globally there have been instances as well.
Reliance Jio is the latest to hit the news for data breach. A website magicapk.com went live last night, providing information for every Reliance Jio owner. It has data like names, email IDs, mobile numbers, date of activation of sim card and circle of activation.
Even though the website has been taken down ever since, the data is out there and might pop up on some other website. You could easily search for someone’s data by entering the Jio mobile number. Thankfully Aadhaar number was hidden or blurred, but this means that it can be still be made public.
Even getting the details for a person took a little time but after a few refreshes the data was easily available to everyone. This is confidential data and users trusted Reliance Jio with it. Considering the company has over 130 million users, it is extremely irresponsible on the company’s part.
After all this, and proofs, Reliance Jio is denying any such leak and violation of privacy of individuals. The company claims that the data is not authentic and data for newer numbers is not available online.
“We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.” a Jio spokesperson told ETtech.
What can be done by Jio?
The person who had uploaded the information on the registered website seems to have all identity hidden and will be difficult to track. However, Jio can look into the matter and make sure users’ information isn’t leaked online like that.
However, it seems that the data loaded to Jio’s servers are not encrypted. This means that unless there is an end-to-end encryption, data is still unsafe and can be easily sourced by hackers. India doesn’t have a strong data protection policy which means that not much can be done by the company or individuals, since Aadhaar number still wasn’t leaked.
This episode is a reminder that your data with large organisations is unsafe too, unless the company has some strict encryption measures in place. However, even online organisations like Google, Facebook and Twitter have had data breaches in the past, only to have stronger algorithms in place to tackle hackers.
Editors Comment: The data breach is real. We checked multiple phone numbers and the data was shown on the website. Here is a video I made yesterday when the breach happened. Also, check the screenshot above that shows the data when you search a number.
