Jio, backed by Facebook, leaked coronavirus app data because he didn’t have a password



[ad_1]

A safety lapse in the Reliance Jio coronavirus symptom checker exposed the results of millions of people who took the tests. As first reported by TechCrunch, although the data was largely anonymous in nature, the bad actors could have tapped and released all the information.

Jio, India’s largest mobile network provider, launched its coronavirus symptom checker in March with the aim of helping people find relevant resources if necessary.

[Read: After Facebook’s mega-investment, Indian carrier Reliance Jio raises $748M from Silver Lake]

Tushar Pania, a Jio spokesman said the company has removed the database:

We have taken immediate action. The registration server was for monitoring the performance of our website, intended for the limited purpose of people doing a self-test to see if they have any COVID-19 symptoms.

On May 1, security researcher Anurag Sen found a central database related to the service that was accessible without a password. It contained logs and logs from April 17 until Jio removed the database from the network after TechCrunch reported to the company.

The 369 GB database contained information such as age, gender, test result, browser version, operating system, and in some cases, accurate location data. If a user had registered with the service, the database also exposed their personal information.

At the moment it is not clear if anyone else was able to access the database. While most of the data was anonymized, with location data and other information, cybercriminals could identify an individual.

Protecting databases with passwords is one of the basic security steps, and a company like Jio that handles millions of records should be more careful with their systems.

Crown coverage

Read our daily coverage on how the tech industry is responding to coronavirus and subscribe to our weekly Coronavirus in Context newsletter.

For tips and tricks on how to work remotely, check out our Growth Quarters articles here or follow us on Twitter.



[ad_2]