Indian telco Reliance Jio denies claims of 100m record data breach

Site hosting claimed 'leaks' disappears

Padlock

A row over data security is gripping India, with Reliance telco brand Jio denying claims it has leaked the details of 120 million customers.

The FoneArena blog was first to spot data purporting to be LTE-only network Jio customer information on the now-suspended magicapk.com.

While FoneArena asserts the information was genuine, Jio told The Register what it also told other outlets – that it's not.

Here's the company's statement in full:

We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.

The magicapk.com site (on one Indian-hosted IP address and one US-hosted IP according to Robtex) only landed in the Archive.org Wayback index on July 9. What was captured then seems to offer a phone-number-to-SIM lookup:

Wayback capture of Magic APK site

The now-disabled magicapk.com

The Register can't verify whether this was genuine, but notes that the site is specific to Jio numbers.

FoneArena's editor Varun Krish reckons the leak was genuine, telling the New Indian Express his own personal details, and those of some of his staff, were present if they searched their own Jio numbers.

Jio has reported the allegations to CERT-In and Navi Mumbai Police, and India's Economic Times (not linked, because you don't need that many ads – El Reg) quoted consultancy Ernst and Young as attributing the breach to an unnamed third party. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017