The onset of COVID-19 in the country saw businesses scramble to imbibe
information regarding coronavirus within their applications and services.
India?s largest telecom company,?Reliance Jio, was one of them too. The My Jio
application not only had information regarding COVID-19 but also had a
self-assessment test that was aimed at helping users in making the decision to
take a COVID-19 test. Unfortunately, a security lapse exposed one of the symptom
checker?s core databases to the internet without any password.

According to a report byTechCrunch
[https://techcrunch.com/2020/05/02/jio-coronavirus-security-lapse/], security
researcher Anurag Sen found the database on May 1 and got in touch with them.
TechCrunch then reached out to Jio and they quickly pulled the system offline.
Unfortunately, it?s not known whether the database was accessed by a third-party
or not.

The symptom checker was introduced by Reliance back in May and allowed Jio users
to check if they may become infected either via the application or via the
website. The feature would also help users located nearest COVID-19 testing
centres in case there was a possibility of being infected.

A section of the leaked database (Image Credit: TechCrunch
[https://techcrunch.com/])The database exposed online is said to have contained
millions of records starting from April 11 until the time it was actually made
offline. The database exposed contained information of users who had taken the
test and the responses they gave to the questions asked. It also contained
information of who these people had been in contact with and if these people had
any pre-existing health conditions.

Some records of users ? who had allowed the symptom checker access to the
phone?s location data ? also contained their precise geolocation that could be
used to find homes of these people by using the latitude and longitude
information.

According to the report, most of the location data was clustered around major
cities like Mumbai but there were also a few users who were located to be in the
United Kingdom and North America.

Jio hasn?t clarified if the users affected have been informed about this
incident or whether the data was accessed by any other third-party. This leak
comes only a week after Facebook took up a 9.99% stake in Reliance Jio for $5.7
billion.

Read Also | Quibi Leaked Users? Emails To Google, Facebook And Twitter
[http://finary.co/startup/quibi-leaked-users-emails-to-google-facebook-and-twitter/]

Read Also | New Nvidia Shield Android TV streaming device leaks via Amazon
listing
[http://finary.co/tech/new-nvidia-shield-android-tv-streaming-device-leaks-via-amazon-listing/]