Update: We have received an official response from Jio’s Spokesperson. Here’s the entire statement: “We have come across an unverified and unsubstantiated claim of personal data of JioMoney users being exposed. We confirm that there is no such issue in JioMoney. Prima facie, the claims appear to be mischievous attempts to malign our services. We assure our users that their data is safe and maintained with highest security.”
Story earlier: Mukesh Ambani-led Indian telecom operator Reliance Jio keeps making headlines for different reasons – sometimes because of its aggressively priced plans, sometimes because of its offers like Double Dhamaka Offer, and sometimes because of accusations and allegations by incumbent telcos of the country. However, the telco in the past has also received bad press for revealing user information. And now, the telco has been caught in the act once again.
It’s very well known that Jio has an entire suite of Jio apps like JioMusic, JioCinema, JioTV, JioMags, JioNewsPaper, and more. One of those apps is the JioMoney app which is actually a digital wallet, à la Paytm, that lets you carry out cashless transactions. Well, a security researcher who goes by the name “Evil Payload” on Twitter with username @aksh_cs has discovered that JioMoney app is revealing information of its users (check image above) that also includes their Aadhaar numbers.
— 𝗔𝗻𝗶𝘃𝗮𝗿 𝗔𝗿𝗮𝘃𝗶𝗻𝗱 (@anivar) July 3, 2018
This security researcher says that a misconfiguration of JioMoney’s servers is probably causing the app to expose the data of its customers – irrespective of whether they are Jio customers or not. He also created a website, which is now taken down, that returned details of JioMoney users after entering their mobile phone number. Now that’s really something that you cannot take lightly.
At press time, there’s no word from Reliance Jio on what exactly caused this, and, all that Jio has said is “We have forwarded this concern to our security team. For a concrete resolution to this issue, please allow us some more time as we’re getting this checked“.
We will update this story when we get more details from Reliance Jio.
