Jio users data leaked email IDs,Aadhar Number and Is Your Data safe?

Jio users data leaked email IDs,Aadhar Number and Is Your Data safe?

 

In arguably one of the biggest data leaks ever in India, details of millions of Jio users have been leaked on the web. The details, which were until yesterday evening were available on a website called magiapk.com, contain the name, the Jio number, when that number was activated, email id and what verification ID was used to activate the number. It has been estimated that nearly 120 million Jio users have been affected.
Aadhaar numbers, which are also linked with millions of Jio numbers as Jio used them to authenticate users from October-November last year, don't seem to have leaked, not publicly at least.The news of the Jio data leak surfaced around 6pm on Sunday as some users started talking about it on Twitter. The drill was simple. Go to Magicapk, put in the Jio number for which you needed the details and search. The website then fetched the data.

Although most people discovered on Sunday evening, apparently at the same time when even Jio came to know about the fact that its user data was available publicly, the Magicapk.com was in the business for the last few days.

As more people became aware of the Jio data leak, the Magical.com servers were hit with massive traffic. Then in some cases they worked, in some they didn't. Jio apparently sprung into action around 9pm. By midnight the website magicapk.com was down, although it is not sure if it was taken by its service provider or it went offline because it exhausted the bandwidth allotted to it. Right now if you open magicapk.com it shows an error saying that the account of the website owner has been suspended.  

  

For now Jio has denied the data leak. "We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.

This is possibly the reason why in some of the web forums frequented by hackers and scammers, the Jio data is already seemingly on sale. Although name Jio doesn't find any mention in his post, there is a user called M00n$hine who has put up on sale a database containing details of 120 million users of a big Indian telecom firm. According M00n$hine the database not only contains user details but also their CDR details that have outgoing and incoming call-related information. The user is selling details of 20 lakh consumers at a price of 19 bitcoins.  

Is your data safe?

Although Jio has denied it, there seems to be little doubt that some details of millions of Jio users have been leaked on the web. It is a serious data breach affecting millions of people, given the size of Jio in India. And although it is true that in India rarely people care about privacy -- nothing else explains the cavalier way in which they hand out person details to almost everyone -- the size of the Jio leak is such that even the busiest Jio users are noticing it.

While the whole issues is kind of simple for now -- data leaked on a website and a few hours after users started noticing it, the website went down -- if you are a Jio user you will invariably have some questions and may be some confusion as well. Let's try to explain the whole issue and answer the questions you may have with some simple bullet points.
  1. The Jio data leak, which you are hearing about, refers to the data of users that was posted on a website called magicapk.com. It was posted sometime last week although most of the people noticed it only on Sunday evening when Twitter users -- most notably @amit_meena -- started talking about it.
  2. The data that was saved on the magicapk.com servers was searchable by a very simple and basic user interface. It required people to input the Jio number in the search field, which then returned with the user details if available. If user details were not available, the result page would show empty text fields in front of categories like number, email id and Aadhaar etc.
  3. The leaked Jio data contained the emails ids, phone number, full names etc for the user data. It doesn't look like that Aadhaar number was leaked even though many Jio numbers were issued after the Aadhaar verification.
  4. The leaked data is no longer available on the magicapk.com. The website has gone down, either taken offline by the website host or probably it has run out of bandwidth. But the data is also apparently on sale in dark web forums frequented by hackers and cyber criminals. Interestingly people who are selling the data aren't calling it Jio data. They only say that the data contains details of 120 million users of a big telecom firm in India. They also say that the data has details like the incoming and outgoing call records.
  5. Jio has denied that its user data has leaked. This is rather strange because Jio data does seem to be out in the public. A Jio spokesperson has said: "We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken."
  6. If you are a Jio users from the early days of the launch of the service, chances are that your data has been leaked. But if you have taken a Jio connection in the last few months, it is possible that your data has not been leaked, or at least is not part of the data dump that was posted on magicapk.com.
  7. What all has leaked? As noted earlier, it doesn't look like your Aadhaar details have leaked through the Jio data leak. But of the particular concern is the leak of the email ID, which nowadays is a sort of key to people's digital lives. The number too has been leaked, along with the full name.
  8. The big question is what should you do now? If you are a Jio user, you should ask the company for details. Unfortunately, that is all you can do right now. India doesn't have a law on privacy or data protection so there is no legal recourse available to you. At the same time, the state of cyber security too is rather poor in India. Today it's Jio data. Tomorrow it could be data belonging to some other phone company or bank or even a government organisation. Although you can minimise chances of the data leak by being careful about sharing something like phone number with people and companies.
  9. Is there a possibility of misuse of the leaked Jio data? Yes, there is. Both the phone numbers and email IDs of Jio users can be misused, especially if these are the primary numbers and primary email IDs. Although, this is not specific to just the Jio data leak. Whenever your phone number and primary email ID leak on the web, there is always a chance of someone, somewhere misusing it.
  10. What's next for Jio users? Again it is not specific to Jio users. But to almost everyone in India. There is very little Indian phone and web users can do right now about their privacy, particularly in light of Aadhaar which is nowadays linked to almost everything and has now become mandatory for even SIM cards. The only way there can be some respite for Indian users when it comes to privacy is if the government comes out with watertight laws on privacy and data protection. But so far government has shown no inclination to do something like this.

 

Comments

Post a Comment

Popular posts from this blog

Yet another Suicide due to the Blue Whale Suicide game!! The game has found its first victim in India.

Image
Yet another Suicide due to the Blue Whale Suicide game!! The game has found its first victim in India. Shocking and gory details have emerged out of the investigations in the suicide of a 14-year-old boy in Mumbai. The suicide could possibly be India's first case of death linked to the social media challenge called Blue Whale.      What is the Blue Whale Challenge? The Blue Whale game or Blue Whale Challenge is believed to be a suicide game wherein a group of administrators or a certain curator gives a participant a task to complete daily — for a period of 50 days — the final of which is the participant committing suicide. Participants are expected to share photos of the challenges/tasks completed by them. These daily tasks start off easy — such as listening to certain genres of music, waking up at odd hours, watching a horror movie, among others, and then slowly escalate to carving out shapes on one’s skin, self-mutilation and eventually suicide. There
Read more

Ultimate Modded android apps post[Gbwhatsapp|OGinsta+|OGYoutube][Direct Download Link][NO adds]

Image
Ultimate Modded android apps post Hello guys in this post you will get the Direct Download link of all the useful modded apps.Now no need to search Different website for Download Link of Modded apps. You will get all the apps in this one ultimate post. *Gbwhatsapp Download link updated*OG telegram telegram Download link added* WHY DIRECT DOWNLOAD LINK ?WHY NOT SHORT URLs?WHY THERE ARE NO AD'S ON YOUR BLOG? ONE ANSWER FOR ALL THESE..THIS BLOG IS FOR EDUCATIONAL PURPOSE AND FOR EFFECTIVE EXPERIENCE FOR MY READERS.    Don't forget to Bookmark this post as the latest version of the MOD APPS will be updated regularly  Also Subscribe to this blog by Clicking on the Subscribe Button on the top of this blog. Watch this video, How to     What are modded apps? Mo dded apps are basically mod of the regular apps, which includes additional features,some unlocked features and pro features. Does it harm your phone? NO till now I haven't encount
Read more

[GoldenEye]DOS attack any website using the most powerful tool GoldenEye[kali tutorials]

Image
[GoldenEye]DOS attack any website using the most powerful tool GoldenEye[Kali Linux] This tool will guaranteedly take down any website What is DOS attack? Denial-of-service attack  In computing , a denial-of-service attack ( DoS attack ) is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet . Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled GoldenEye GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY! GoldenEye is a HTTP DoS Test Tool. Attack Vector exploited: HTTP Keep Alive + NoCache   Author: Jan Seidl Website: http://wroot.org/ Without wasting the time to explain about how the tool works and some additional information about
Read more