Jio’s tool to check COVID-19 symptoms was found to have a major security lapse that exposed one of its core databases containing the records of millions of users who logged in to perform a self-test, according to a report. The affected database, which was pulled offline after Jio was notified about the flaw, included logs and records starting April 17. It reportedly contained a running log of website errors and other system messages to a large extent — alongside including the data of users self-tested on the platform.
The affected database by Jio for its COVID-19 tracking tool included the data of individuals, such as their user agent that helps identify the browser version and operating system of participants, profile records, symptoms on the basis of the questions asked by the tool, reported TechCrunch. It also reportedly included the precise location of users, if they had enabled it.
Security researcher Anurag Sen on May 1 discovered that the database in question was exposed to the Internet without a password. Jio reportedly made it offline soon after it was notified about the flaw. However, it is unclear whether the data stored in the database was accessed by a third-party — apart from the security researcher revealing its exposure.
- This App Allows Jio Users to Recharge Other Accounts and Earn Commission
“We have taken immediate action,” said Jio spokesperson Tushar Pania, as quoted by TechCrunch. “The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms.”
- Jio Brings ‘Recharge at ATM’ Facility: Here’s How to Use It
- How ISP Engineers on the Ground Are Keeping You Connected
- Aarogya Setu Mandatory for Employees in India, People in Containment Zones
Jio launched the COVID-19 self-testing tool in late March — sometime alongside the release of a similar checker by Bharti Airtel. It was designed to help people understand whether they’re safe or at coronavirus risk. Users need to provide their gender and have the ability to even test the symptoms of their family members. The tool also asks the user’s age, if the user came in contact with someone who has been tested positive for COVID-19. Furthermore, it is said to be used by even people outside India, including some from North America and the UK.