In arguably one of the biggest data leaks ever in India, details of millions of Jio users have been leaked on the web. The details, which were until yesterday evening were available on a website called magiapk.com, contain the name, the Jio number, when that number was activated, email id and what verification ID was used to activate the number. It has been estimated that nearly 120 million Jio users have been affected.
Aadhaar numbers, which are also linked with millions of Jio numbers as Jio used them to authenticate users from October-November last year, don’t seem to have leaked, not publicly at least.The news of the Jio data leak surfaced around 6pm on Sunday as some users started talking about it on Twitter. The drill was simple. Go to Magicapk, put in the Jio number for which you needed the details and search. The website then fetched the data.
Although most people discovered on Sunday evening, apparently at the same time when even Jio came to know about the fact that its user data was available publicly, the Magicapk.com was in the business for the last few days.
As more people became aware of the Jio data leak, the Magical.com servers were hit with massive traffic. Then in some cases they worked, in some they didn’t. Jio apparently sprung into action around 9pm. By midnight the website magicapk.com was down, although it is not sure if it was taken by its service provider or it went offline because it exhausted the bandwidth allotted to it. Right now if you open magicapk.com it shows an error saying that the account of the website owner has been suspended.
For now Jio has denied the data leak. “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken,” a company spokesperson told the India Today Tech.
However, prima facie it also looks like that the data leak is real. The numbers that India Today Tech checked on the magicapk.com fetched authentic results. It also seems that even though the leaked Jio data is no longer available on the magicapk.com, it is almost certain that copies of this database must have been created by many more cyber scammers who often scrap data from web servers whenever it leaks.
This is possibly the reason why in some of the web forums frequented by hackers and scammers, the Jio data is already seemingly on sale. Although name Jio doesn’t find any mention in his post, there is a user called M00n$hine who has put up on sale a database containing details of 120 million users of a big Indian telecom firm. According M00n$hine the database not only contains user details but also their CDR details that have outgoing and incoming call-related information. The user is selling details of 20 lakh consumers at a price of 19 bitcoins.