Reliance Jio User Data Leak: Suspect Motivated by Lure of Free Recharge

Reliance Jio User Data Leak: Suspect Motivated by Lure of Free Recharge
Highlights
  • Chippa was arrested last week for accessing Jio's database
  • He got hold of a message which promised people ways to get free recharges
  • After clicking on the link provided, he found out an ID and password
Advertisement

It was the lure of free recharge after Reliance Jio started charging its customers that led 35 -year-old computer science student Imran Chippa to gain unauthorised access to the company's database systems, a police official said today.

Chippa was arrested last week in connection with the unauthorised access to the Reliance Jio's database.

"Chippa got hold of a forwarded message on a chat application which promised people ways to get free recharges. After clicking on the link provided, he found out an ID and password," the official said.

Jio Phone, Free With Rs. 1,500 Deposit, Unlimited 4G Data, Launched

These credentials are the ones given to Jio vendors to be put in a specially designed mobile application for carrying out transactions like recharges for customers.

The credentials (the ID and password found by him) which the accused got were reportedly of a vendor in Odisha. However, Chippa, who had earlier appeared for an MCA exam and was searching for a job, could not get the free recharge that he was seeking, the official said.

He put in Jio mobile numbers on the app after gaining access using the credentials and was surprised to get "personal details" of Jio customers, he said.

Want to Buy Jio Phone? Here's How You Can Book One

"This is when an idea to commercially utilise the data stuck him. Using his skills of computer programming, Chippa began developing an app similar to (the app) TrueCaller and started by creating a Web host," the official said.

In that attempt, he created the website - magicapk.com - which was hosted by Andheri-based company Endurance International Group, he said.

According to police, Chippa claimed to provide Jio user data through his website.

He allegedly started to get unauthorised access to Reliance Jio's systems in the first week of July and the company's customer data started to appear on magicapk.com, he said.

Vigilance officials from Jio were shocked to discover the access given to commoners through the website on July 9 at 5.15pm and continued monitoring the same till 9.30pm, the police official said.

The vigilance officials then approached the Rabale MIDC police station later with a complaint.

"Since getting unauthorised access to Jio's data, the website magicapk.com had got more than 50,000 hits by viewers," Navi Mumbai's Deputy Commissioner of Police (crime) Tushar Doshi told PTI.

On July 9, a telecom industry portal wrote about the alleged data security issues, following which a probe was launched which resulted in the arrest of Chippa from Rajasthan.

He is a resident of Rajasthan's Sujangarh town.

Jio had earlier said that the claims of the website were "unverified" and "unsubstantiated".

"Prima facie, data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement," it had said.

Jio had said it has "informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken".

Jio Phone Plans Start at Rs. 153 Per Month, Jio Phone TV-Cable Announced

Doshi had earlier explained that as part of its regular operations, Jio - whose subscriber base had crossed 100 million within six months of the launch - makes certain data available to its retailers through a website and Chippa gained unauthorised access to the company's servers.

Asserting that this excludes sensitive details like Aadhaar details or PAN numbers, Doshi said one was able to get a Jio subscriber's name, email ID, SIM activation date, telecom circle and alternate number by putting the Jio number in the search command.

Reliance was one of the first operators to add customers solely on the basis of Aadhaar details as address and identity proof. Later, the government made it mandatory for all new connections to be activated against Aadhaar details.

The presence of Aadhar details, which includes biometrics, had raised concern in certain quarters after the data breach came to light.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Jio Phone Has No WhatsApp Support, Comes With 500MB Daily 4G Data Limit
China Aims to Become World Leader in AI, Challenges US Dominance
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »