In an interesting development , Jio customer data has been leaked on an independent website named magicapk.
Several sensitive details including first name, last name ,mobile number, email-id,circle, SIM Activation Date and even Aadhaar Number have been exposed. To my disbelief I found my own details in the database and also couple of my colleagues are affected too.
It could be the biggest data breach in India as the data leak in question over pertains to a database of over 120 million users of Reliance Jio. The website seems already a little sluggish and expected to go down soon as more users rush to find out if their personal data has been leaked. It took a couple or three tries for the number to show up on the website. It is not clear at this moment why this data has been leaked or how someone outside Jio got access to sensitive customer data.
We tried finding the details about the owner of the domain in question but seems to be hidden and marked private. Also we observed that those who got the Jio sim card during the preview offer are most affected. Recent numbers don’t seem to be found in the database. Also we were not able to see AADHAR of the customer from the limited numbers we tried.
When ETtech checked the authenticity of the website by using different Jio numbers, it showed data related to the concerned person except in certain cases when we had to refresh the page numerous times to get the required data associated with a number.
Also, when we tried pulling out data with certain other Jio numbers, the website did not turn up any results. Interestingly, the website even claims to give out Aadhaar details but in all the numbers that we searched for, it did not show any results.
Also, the details of the owner of the domain are hidden. An independent cyber security researcher researcher whom ETtech reached out to said that many such phone numbers are easily available in the dark web and with data brokers. “It is very easy to get hold of phone numbers and details about the person in India through data brokers across the country. But as of now it’s not clear why someone decided to put this up in this manner will,” says the researcher who didn’t want to named.
We still stand by our story. We have checked multiple Jio numbers of our own and 3rd parties on the website where the data has been leaked and our personal information is available.