although Jio has denied it, there seems to be little doubt that some details of millions of Jio users have been leaked on the web. It is a serious data breach affecting millions of people, given the size of Jio in India. And although it is true that in India rarely people care about privacy — nothing else explains the cavalier way in which they hand out person details to almost everyone — the size of the Jio leak is such that even the busiest Jio users are noticing it.
While the whole issues is kind of simple for now — data leaked on a website and a few hours after users started noticing it, the website went down — if you are a Jio user you will invariably have some questions and may be some confusion as well. Let’s try to explain the whole issue and answer the questions you may have with some simple bullet points.
The Jio data leak, which you are hearing about, refers to the data of users that was posted on a website called magicapk.com. It was posted sometime last week although most of the people noticed it only on Sunday evening when Twitter users — most notably @amit_meena — started talking about it.
The data that was saved on the magicapk.com servers was searchable by a very simple and basic user interface. It required people to input the Jio number in the search field, which then returned with the user details if available. If user details were not available, the result page would show empty text fields in front of categories like number, email id and Aadhaar etc.
The leaked Jio data contained the emails ids, phone number, full names etc for the user data. It doesn’t look like that Aadhaar number was leaked even though many Jio numbers were issued after the Aadhaar verification.
The leaked data is no longer available on the magicapk.com. The website has gone down, either taken offline by the website host or probably it has run out of bandwidth. But the data is also apparently on sale in dark web forums frequented by hackers and cyber criminals. Interestingly people who are selling the data aren’t calling it Jio data. They only say that the data contains details of 120 million users of a big telecom firm in India. They also say that the data has details like the incoming and outgoing call records.
Jio has denied that its user data has leaked. This is rather strange because Jio data does seem to be out in the public. A Jio spokesperson has said: “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”
If you are a Jio users from the early days of the launch of the service, chances are that your data has been leaked. But if you have taken a Jio connection in the last few months, it is possible that your data has not been leaked, or at least is not part of the data dump that was posted on magicapk.com.
What all has leaked? As noted earlier, it doesn’t look like your Aadhaar details have leaked through the Jio data leak. But of the particular concern is the leak of the email ID, which nowadays is a sort of key to people’s digital lives. The number too has been leaked, along with the full name.
The big question is what should you do now? If you are a Jio user, you should ask the company for details. Unfortunately, that is all you can do right now. India doesn’t have a law on privacy or data protection so there is no legal recourse available to you. At the same time, the state of cyber security too is rather poor in India. Today it’s Jio data. Tomorrow it could be data belonging to some other phone company or bank or even a government organisation. Although you can minimise chances of the data leak by being careful about sharing something like phone number with people and companies.
Is there a possibility of misuse of the leaked Jio data? Yes, there is. Both the phone numbers and email IDs of Jio users can be misused, especially if these are the primary numbers and primary email IDs. Although, this is not specific to just the Jio data leak. Whenever your phone number and primary email ID leak on the web, there is always a chance of someone, somewhere misusing it.
What’s next for Jio users? Again it is not specific to Jio users. But to almost everyone in India. There is very little Indian phone and web users can do right now about their privacy, particularly in light of Aadhaar which is nowadays linked to almost everything and has now become mandatory for even SIM cards. The only way there can be some respite for Indian users when it comes to privacy is if the government comes out with watertight laws on privacy and data protection. But so far government has shown no inclination to do something like this.