A technical glitch in Reliance Jio’s COVID-19 symptom checker app exposed its core database that contained users’ sensitive information, TechCrunch reported. The Indian telecom giant launched the self-checking app last month to help users to check for coronavirus infection from their phones.
Along with the COVID-19 tests results, the exposed database contains millions of individual logs and records starting from April 17, 2020, to till date. The other information included users’ age, gender, location, symptoms, health data, information about the user’s browser version, operating system, and other profile information. The issue came to light after security researcher Anurag Sen discovered and reported the issue. TechCrunch stated the database was taken offline and is now secured after notifying Reliance authorities.
TechCrunch stated that it was able to find users’ precise locations using the latitude and longitude records found in the database. It was discovered that most of the users’ geo locations pointed around Indian cities like Mumbai and Pune, including users in the U.K. and North America.
“We have taken immediate action. The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms,” said Jio spokesperson Tushar Pania in a media statement.
Coronavirus-related Data Breaches
In a similar data breach incident, hackers compromised a database that contains details of all the COVID-19 patients, which was maintained by Aythala district administrator’s office computers in the Indian state Kerala. The data included information on people coming into the district from abroad and those kept in self-quarantine, their recent travel history, residential addresses, and contact details, etc.
The list of confirmed and quarantined patients in the district was handed over to the police and the district health administration to help them in the continuous monitoring of respective individuals. However, the same list started appearing locally on various social media groups and forums.