In a recent data security breach, several Reliance Jio customer details were leaked through the Magicapk website.
The website has been giving out the following customer data:
– Full names
– Mobile numbers
– E-mail addresses
– Date of SIM card activation (and in which circle it was activated)
ETech verified that the website was serving authentic data by trying out several different Jio numbers. When doing so, the search attempts returned personal data associated with that person’s number, with only a couple of attempts demanding a refresh to get the required data.
However, when certain numbers were used, the search results came back empty. Furthermore, the website even claimed to contain Aadhaar details, but no matter which number was entered, the search results always came back empty.
Trying to examine the domain owner’s details turned out to be a futile attempt since the owner has opted for them to remain hidden.
An independent data security researcher, who also prefers to remain anonymous, said that many such phone numbers can be obtained from data brokers and on the dark web. According to him, it’s very easy to obtain this data in India. In any case, the researcher could not name the reason why someone would make the customer details publicly available.
A Jio spokeswoman commented that they have already reached out to law enforcement agencies. According to her, the data published on Magicapk is not authentic.
Since these events, Magicapk has been suspended.
If the leaked data turns out to be authentic, the large-scale data security breach would be the first of its kind to hit an Indian telecom operator.