In what could be the biggest data breach ever in India, Reliance Jio customer data has been posted on a website by the name magicapk.com. Reliance Jio, which has over 120 million users in India, said prima facie the data seemed to be unauthentic and it was investigating the “unverified and unsubstantiated claims of the website”. The site has since gone offline and is no longer accessible.
The breach was first reported by Fonearena.com after it was informed of the same by readers. Editor Varun Krish told indianexpress.com that he was shocked when he was able to find details of himself and his colleagues. Indianexpress.com checked with some Jio numbers and found that details of numbers bought as late as last week are up on the site. However, it was not clear if all the numbers are available on the site, as a lot of queries were throwing a blank.
The site has just a search box where you can enter any Jio number and get details of the customer in return. We tried with a number purchased on July 2, 2017 and the activation date, circle and name of customer showed up. The Aadhaar and email numbers were blank for this number, though Fonearena has put out at least three numbers for which Aadhaar and emails were available on the page. The site kept throwing a blank for other numbers we tried or kept crashing.
Around 11.40 pm, with more queries coming in, the site seemed to have gone offline. It is unclear whether it crashed or was suspended by authorities.
In a statement, a Reliance Jio spokesperson said prima facie the data appears to be unauthentic. “We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken,” the spokesperson said in a written response.
The site was registered by godaddy.com on May 18, 2017. The Whois data for the site is not available.