The week starts with the news of another clamorous data breach, personal details of some 120 Million customers of the Indian company Reliance Jio were exposed. If it will be confirmed, the incident is the biggest breach of personal data ever in India.
Reliance Jio Infocomm Limited, or Reliance Jio, is an LTE mobile network operator in India. “It is a wholly owned subsidiary of Reliance Industries that provides wireless 4G LTE service network (without 2G/3G based services) and is the only ‘VoLTE-only’ (Voice over LTE) operator in the country which lacks legacy network support of 2G and 3G, with coverage across all 22 telecom circles in India.“
According to the telecom regulator’s website, Reliance Jio had over 112 million users as of April end,
A few hours ago, a website named Magicapk.com went online, offering Reliance Jio customers to search for their identification data by typing in their Reliance Jio number.
The website was hosted by the web hosting company GoDaddy.com and was registered in May 2017, but there is no data related to the owner.
The website is no more accessible, but many customers confirmed that data was authentic. Stolen data includes names, email addresses, mobile numbers, circle-Id, SIM activation date and time, and for some users the Aadhaar numbers.
Reliance Jio released a statement to deny the data beach and saying the leaked data appears to be “inauthentic.”
“We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security,” a Jio spokesperson said. “We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement.”
The company has “informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”
The colleagues at the Hacker News verified the leaked data for a few Jio numbers. Data is accurate only for some Jio numbers, but not for all.
“Therefore, the data on the website seems to be authentic, but luckily some customers are spared–probably those who have been issued Jio SIM after the breach.” states the blog post on THN.
“Mobile numbers for other telecom operators in India, such as Vodafone and Airtel, did not work on the website.”
It is still unclear if hackers breached the Reliance Jio systems or if they obtained the data from some third-party marketing company with whom the company shared its customer’s records.
All Reliance Jio customers should be alert for phishing messages or unrequested calls asking for further details about their accounts.
(Security Affairs – Reliance Jio, data breach)