Reliance Jio Infocomm Ltd, which is looking into reports of a major leak of user data, has filed a police complaint alleging “unlawful access to its systems,” a police officer involved in the investigation said. The complaint, made on Monday in Navi Mumbai, where Jio is headquartered, would be the telecom firm’s first official acknowledgement of a system breach. Jio has so far denied media reports and user accounts of a leak.
Jio, part of conglomerate Reliance Industries Ltd, did not respond to a Reuters request for comment. Several local news websites reported late on Sunday that names, telephone numbers and email addresses of Jio users were visible on a site called ‘Magicapk,’ which was subsequently taken down.
Jio however, said its user data was safe and maintained with the highest security, and that the data on the Magicapk website appeared “unauthentic”. News outlets such as Indian Express and MediaNama reported being able to cross-reference and confirm the veracity of the data on numerous Jio customers known to them.
On Tuesday, Reuters reported that police in the western state of Rajasthan detained a man on suspicion of involvement in the breach, which cyber security analysts said could be the first large-scale leak from an Indian telecoms firm.
To recall, data of Reliance Jio users were posted on a website called magicapk.com. The site has been suspended. A lot of users who checked found that email id, first name, last name, Reliance Jio mobile number, activation date for the SIM along with the activation circle did match accurately for a lot of numbers. It is unclear data of how many users out of 120 million on Jio’s network was affected by the breach, but in some cases, Aadhaar number was also available online.
With Tech Desk inputs