Update: the site has been suspended, Jio claims that there was no data breached and the information is unauthentic. However, my data was exactly the same. The investigation is still going on, we will keep you up to date with the news on this page.
Reliance Jio, I am pretty sure you readers and tech enthusiasts in India need no introduction for this magnanimous “start up”, as they like to term it. From being one of the largest 4G LTE Broadband internet providers, Jio has leapt ahead of any mobile network operator’s user base, with its dirt cheap internet rates and decent to wonderful internet speeds. But, this massive user base of more than 100,000,000 should now be on the edge of their seats, since this unsettling news reveals something terrifying. None other than their very own network provider that they trusted their details with, hasn’t delivered on the security.
Although investing millions and billions of wealth to build unmatched internet provision infrastructure, their negligence to invest in digital security has put all their customers’ valuable data such as full name, phone number, email address, location, SIM activation time and date, and for a few their Aadhar numbers as well. The hacker(s) behind this handiwork have set up a website called http://magicapk.com/ wherein you can input the user’s number to reveal all the aforementioned details. In case the website disappears, here is how it looks and functions like:
Homepage:
The homepage only requires you to input the phone number of the user you want details of. For experimental purposes, I entered my own phone number and clicked on the “Show button”.
Details page:
The website then redirected me to to the following page: http://magicapk.com/jiosimdetail.php which showed nothing at first. See the screenshot below. But then, a simple reload made me panic. If you too are not able to derive the details, reload the page for a couple of times.
Reloaded details page with all the data:
As I said, my heart almost skipped a beat at this point, all my details were mentioned on this basic HTML and Javascript page.
The full name (including my middle name), the time, day and date when my SIM was activated, my mobile number, my personal email address, circle-ID (which is state location), and Aadhar number have been plucked from the server. Here, my Aadhar card number seemingly has not been leaked, which I am really glad about. Aadhar today has become a priority, an identity proof that is almost equivalent to the United States’ SSN (Social Security Number). This situation makes me want to quit using Jio’s services (and this is no bias here, and I am being paid to say this), my identity has been put under risk and I simply cannot tolerate that. Also, it is advised to take this site with a pinch of salt since this hack may actually be just a roster of details bought on the DarkWeb, nonetheless it’s not advised to input your number or any personal details on any unauthorized website, even if it is to verify. What do you guys think about this sitch?
