After the Indian government imposed a nationwide lockdown to contain the spread of the coronavirus, Reliance Jio, like some other private companies, launched its own COVID-19 self-test symptom checker. However, a security lapse on Jio’s end exposed one of the symptom checker’s core databases to the internet without a password, TechCrunch reported.
Ever since the start of the coronavirus pandemic, we’ve seen a number of apps developed by government and private companies that aim to help users identify COVID-19 symptoms. Jio had also rolled out such a feature on its website and via its MyJio app.
The publication learned about the exposed database from security researcher Anurag Sen, who found it on May 1, 2020. It contained millions of logs and records starting April 17. As per the report, the server contained a running log of website errors and other system messages as well as user-generated self-test data.
This data includes a record of who took the test (such as self or a relative), their gender, and their age, along with a small snippet of information about the user’s browser version and operating system. The database also carried individual records of those who signed up to create a profile, as well as records containing the answers to each question asked by the symptom checker, the report said.
Creating a profile let users update their symptoms over time. The questions asked by the symptom checker included what symptoms they are experiencing, who they have been in contact with, and what health conditions they may have.
According to the report, some records also carried the precise location of users, probably those who granted the symptom checker access to their browser’s or phone’s location data.
Reliance Jio was notified of the issue, after which it pulled the system offline. Jio spokesperson Tushar Pania told the publication that they have taken immediate action. “The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms,” he told TechCrunch.
However, Pania did not clarify whether Jio will inform the symptom-checker users affected by this security breach.