In one of India’s biggest data breach, Indian telecom operator Reliance Jio‘s 120 million subscribers data appears to be leaked and made public. The leaked information includes some too sensitive details like the first name, last name, mobile number, email id, telecom circle, SIM activation data and most importantly Aadhaar number.

Reported first by fonearena, the Reliance Jio’s leaked subscriber database seems to available to everyone to see and download. The leaked details were available through a website called magicapk. That website even offered a search functionality where you could input your Jio mobile number and all your sensitive details collected by Reliance Jio during SIM registration were displayed.

Reliance Jio Subscriber Database including Aadhaar Number Leaked

When I tried myself, I could find my own details being exposed on the website. I test Jio numbers of several friends of mine and each time I could get complete details of their data. There has been a report that Jio customer registered one week before could also find their details in the leaked database. It suggests the Reliance Jio subscriber database leak may have recently happened. At the time of writing this article, it seems the website has been taken down, probably by Reliance Jio authorities.

Reliance Jio Customer Data Breach

  • More than 120 million Jio subscribers personal details leaked through a website (magicapk).
  • Leaked sensitive information includes first name, last name, mobile number, email id, telecom circle, SIM activation data and Aadhaar number.
  • All data seems to be public and anyone with a Jio mobile number could get the details.
  • Reliance Jio has started an investigation regarding this breach.

Reliance Jio seems to act quickly on the breach, claiming the data on the website is unverified and unsubstantiated. The operator has already started an investigation in this matter. “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with the highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.

Even if Reliance Jio says there is no data breach, I could find my own personal details on the website. The telecom operator needs to act fast and answer the concern of its customers.

update: 12 July, 2017

According to PTI, Maharashtra Police has detained a 35-year-old computer science dropout nickname ‘Imran Cimpa’ from Rajasthan for his alleged involvement in the leak of Reliance Jio’s subscriber data. “One person has been detained. Further evidence collection and interrogation is in the process,” said Maharashtra Cyber Police’s Superintendent Balsingh Rajput.

Police have seized suspect’s laptop, computer, mobile and storage devices and will be sent to the cyber department for further examination. Currently, a team from Maharashtra Cyber Police, Navi Mumbai police and Reliance Jio officials are conducting search and seizure operations in Rajasthan.

|