Reliance Jio consumer data has been posted online by a website named magicapk.com. While the site is now offline, Reliance Jio has said a probe is on into the incident and assured users that the data leaked and posted online was “unauthentic”. However as Fonearena.com, which first reported the breach, and indianexpress.com have seen, the data on the website did give back accurate results for name, number, emails, activation date, circle. But we could not see the Aadhaar data for our number.
Here’s a quick look at everything you need to know about the Reliance Jio data breach.
What is the Reliance Jio data breach? Why does this matter?
Reliance Jio’s user data was posted on a website called magicapk.com. The website has been suspended, but those who’ve checked out the data found that email id, first name, last name, Reliance Jio mobile number, activation date for the SIM along with the activation circle did match accurately for a lot of numbers. In some cases, Aadhaar number was also available online. However, we didn’t see the Aadhaar number for the data that we explored on the website.
The data breach is a serious because Reliance Jio has 120 million active subscribers in India, and this could well be India’s biggest data breach ever. What is not confirmed is whether all of the data was compromised or only parts of it, as a lot of queries on the site returned blank results. The other issue with such data leaks is that in case of Jio, many of the activations for the service are done via Aadhaar. If Aadhaar data is leaked that is even more cause for worry.
What is Reliance Jio’s reaction to this data leaked? Has the been confirmed as authentic?
Reliance Jio in a statement said “prima facie the data seemed to be unauthentic” and it was investigating the “unverified and unsubstantiated claims of the website”. “We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken,” is what Jio spokesperson said in a written response to a query regarding this data breach.
Who is behind the Reliance Jio data breach?
Jio says the probe is still on, and insists that the data is safe. So far, it is not clear who is behind the Reliance Jio data breach. The particular site in question was registered by Godaddy. It was registered in May 2017, but “Whois data” for this website not listed anymore. Also no one has come forward to take responsibility for this data hacking.
Is this Reliance Jio data breach bad for my Aadhaar information? Have biometrics also been leaked or stolen?
Since almost all Reliance Jio numbers are linked to Aadhaar accounts, a data breach cannot be good news. Mobile numbers, email ids being made public can open up these users to a lot more spam, phishing attacks, etc. Since other mobile service providers are also now insisting on Aadhaar, this breach should get the authorities to act on better way to secure this data.
Of course, in the past, Aadhaar numbers have been posted online with complete information. It also highlights what privacy activists have been pointing out as problems with Aadhaar data. It gets more complicated because the number is being linked to pretty much every service you are using, or plan to use in the future.
How to lock Aadhaar biometric data?
In order to avoid any misuse of your Aadhaar linked biometric data, there is the option of locking this data. But make sure your Aadhaar number is linked to your current mobile number. If it is not linked, then you’ll have to visit the closest Aadhaar updation centre, and get the mobile number included.
For those who synced their mobile number to the Aadhaar account, you will need to go to this link “resident.uidai.gov.in/biometric-lock,” which has HTTPS:// at the beginning. Or just open the UIDAI website, and right on the home page, you’ll find Lock/Unlock Biometrics listed under the Aadhaar services tab.
Once you open this tab, just enter your 12-digit Aadhaar number, followed by the security code showing on the screen below. Click on the generate OTP option, and once you get the OTP on your mobile number, just enter this on the page. Once done, hit the verify button. The next page will let you enable biometric locking.
Tick check on Enable biometric locking option, and also remember to hit enable after you do this. For disabling, just uncheck the option, and click disable. Once your biometrics are locked, it will at least ensure it can’t be misused by others.
Aadhaar website says this “protects privacy and confidentiality of Resident’s Biometrics Data”. But remember once you lock these biometrics, you won’t be able to use this sort of authentication to activate any future services. Both the fingerprint and iris data are used for authentication in Aadhaar, and both get locked via this system.