Reliance Jio’s Security Breach Puts COVID-19 Symptom Checker Tool User’s Data Online

Jio covid-19-tool

The government and telecom companies in India have created their own apps that helped people detect the COVID-19 symptoms in an easiest manner. Reliance Jio and Airtel are among the first few private companies to bring the Coronavirus detection tool to their apps.

Reliance Jio, which made the COVID-19 tool available on MyJio app and Jio website, has seen a massive number of people using the tool to find out if they have any symptoms of the Novel Coronavirus. All these are from a single side of the coin, on the other side, a major security breach has happened on Reliance Jio servers, which lead to the leakage of sensitive information available to public without a password.

Anurag Sen, a renowned security researcher has found the issue on Jio’s servers and informed TechCrunch, which first revealed to the world about the breach. The publication says a security lapse has leaked one of the symptom checker’s core database on the internet and can be accessed without any password.

coronavirus-response-tech-crunch

On identifying the issue on May 1, Anurag Sen had brought to the notice of TechCrunch, which alerted Reliance Jio. The company soon pulled out the servers offline on hearing the issue from the publication.

TechCrunch, in the meanwhile, tried to access the leaked information and found several details of the people who used the tool. The database is huge, containing records of millions of people like age, render, location, answers to the questions asked by the tool. As per the image shared by the publication, the location details of the users are accurate with the clear details of the latitude and longitude.

The leaked data also contain person’s user agent info, which includes browser details, operating system information, and the app can also record the online activity of the users.

Most of the leaked information is from users located in cities like Mumbai and Pune in India. The publication says it also accessed the details of users residing in United Kingdom and North America.