Jio security lapse exposes millions of medical records

Data stored on a server without adequate security


A security flaw in the coronavirus symptom checker made by India’s largest telecom operator, Reliance Jio, has exposed the results of millions of users.

The exposed data includes users' geolocation along with their self-assessment results. Jio has pulled down the server, and no misuse of the data has been reported yet.

The service was launched in March, right before India’s nationwide lockdown was announced, and allowed users to screen themselves for the virus. However, an apparent Jio security lapse meant that one of the core databases, where the results were stored, was exposed to the internet without any password protection.


The affected database was discovered by security researcher Anurag Sen, whose alert prompted the company to take down the server immediately. According to Sen, the database contained data of millions of users, from April 17 until it was finally pulled down on May 1.

The database reportedly contained information about the devices’ operating system and browser version, and the answers to all the questions asked in the assessment, apart from some generic information.

For some users, the database also had a precise location, possibly for those who had activated the location-tracking feature in their browser. Apart from user data, website error logs and system messages were also found in the database.

According to the report, the database mostly contained the information of users from Indian cities like Mumbai and Pune. However, some records of British and American nationals were also found.


“We have taken immediate action. The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms,” said Jio spokesperson Tushar Pania in a statement.

Via: TechCrunch

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.
