Jio Does Not Seem to Understand What Passwords Are For, and Now Private Data Has Been Exposed

Jio Symptom Checker Data Leak

Everyone is trying to help the fight against the nasty coronavirus, and tech companies are no exception, especially the ones that have large userbases. Reliance Jio, one of India's biggest telecommunications providers, for example, recently launched what it called a 'Symptom Checker.' Having seen the tool, we should probably point out that the name Jio has chosen might be a bit optimistic.

If you think that the tool will somehow check your symptoms and determine whether or not you've got COVID-19, you'd be disappointed. In essence, Jio's Symptom Checker is a series of multiple-choice questions. Based on your answers, an algorithm determines whether you're at low, medium, or high risk of catching the disease, and it gives you the appropriate advice. You can create an account and "track" your symptoms, but that's about it when it comes to features.

Mind you, it's not a waste of time. In addition to telling you how big the risk is, the Symptom Checker also gives you a number of resources that can be extremely helpful, especially given the numerous fake news and misinformation campaigns surrounding the pandemic. You should be aware of the fact, however, that an online tool can't tell you whether or not your runny nose was caused by the common cold or the coronavirus. Those of you who use Jio's Symptom Checker should know that some of the data you enter is being recorded.

Jio's Symptom Checker saves some of the information users enter

Each and every test is carefully logged. For the most part, the information that is kept is limited to gender, age, and whether you're providing your own answers or are answering on behalf of a friend or a relative. Information on the user's operating system and browser version is also recorded and stored, and, if allowed, the Symptom Checker can record the user's precise location. As you might imagine, the logs are even more detailed for registered users. Jio's Symptom Checker doesn't seem to record any personally identifiable information, but we're pretty sure that at least some of you are wondering what it needs these details for.

The truth is, service providers need to keep tabs on who uses their products and how, and there's little doubt in anyone's mind that usage statistics help developers introduce performance optimizations and new features.

The question here is whether the above-listed data points all fit in the term "usage statistics," and we're pretty sure that there are people who would argue that they don't. Jio's case for logging all that data isn't helped by the fact that users aren't explicitly warned about it.

Jio put user data at risk by leaving it in a wide-open database

You may be wondering how we know all this, and unfortunately, the answer is the most disappointing detail about the whole story. On May 1, security researcher Anurag Sen, the same person who uncovered the Paay leak a couple of weeks ago, located a database which, a closer inspection revealed, belonged to Jio. Peeking inside, Sen found millions of records that have been logged by the Symptom Checker, with some of them dating back to April 17.

It turned out to be a production server, and the records of more people using the tool were being added in real time. Worst of all, because it wasn't protected by a password, the data was accessible from anywhere in the world. Anurag Sen immediately contacted TechCrunch's Zack Whittaker, who informed Jio about the leak, and the database was soon pulled offline. A spokesperson for the telecommunications provider told Whittaker that Sen accidentally stumbled upon one of the company's "logging servers," which was helping them monitor the performance of the website. What Jio didn't say was why it was left without a password.

As is usual with this kind of leak, it is not really possible to say whether cybercriminals managed to get to the data before it was taken down. In this case, the exposed information doesn't appear to be that sensitive, but unfortunately, the incident proves for the umpteenth time that the people responsible for storing users' data don't always do a very good job.

May 5, 2020