Advertisment

In early July, a hacker leaked the data of Reliance Jio customers through a clearnet website. The site revealed a subscriber’s name, subscription date, and account email address. Reliance, however, denied that any breach had occurred. Internet users then spotted an Alphabay vendor selling info on 120 million users of a “large Indian telecommunications company.” After denying that anyone compromised customer data, a hacker was arrested for doing just that.

Reliance Jio, in spite of numerous complaints from users who had validated their information on the hacker’s website, called the claims “unsubstantiated.” The Alphabay post never mentioned the telecom company by name, but Reliance Jio fit the description and had roughly 120 million subscribers.

jio-hacked.png

jio-hacked.png

July 5

Something odd and majorly unreported by the media appeared upon examination of the breach timeline. Customers reported a data breach in July—shortly after a hacker created “magicapk.com.” The site allowed users to enter their Jio number and, in return, received their personal subscriber information and potentially their Aadhaar number. The hacker, imranchimpa, posted a link to the website on July 5.

Screenshot_2017-07-13_05-42-12.png

Screenshot_2017-07-13_05-42-12.png

Media outlets, after the discovery of magicapk.com, discovered an Alphabay forum post advertising data of 120 million subscribers. The post, however, was dated March 8, 2017. On July 5, someone uploaded a photo of a screenshot of that Alphabay forum post to Imgur. That “someone” was the same as the poster of the Jio database—the OP and the username of the signed-in user who took the screenshot matched.

Reliance-Jio-Database-Hack-1-1024x556.jpg

Reliance-Jio-Database-Hack-1-1024x556.jpg

July 5-10

Many users confirmed the magicapk.com database with their Jio number. Reddit users in India posted several threads in /r/India wherein Jio subscribers posted confirmations. Including some that registered Jio accounts within a week of magikapk. The Alphabay database, while seemingly posted by the same user, could not possibly contain Jio subscribers that had joined after the date database theft. This led to the belief that the leak was the work inside if an insider who had access to Jio servers.

Screenshot_2017-07-13_06-00-10.png

Screenshot_2017-07-13_06-00-10.png

Nevertheless, Jio denied a breach:

We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”

July 10-13

Jio’s complaint into the “unauthentic” data came to a head when Maharashtra Cyber police arrested a 24-year-old from Rajasthan. They charged him in connection with the breach. The suspect, Imran Chhimpa (aka imranchimpa from the clearnet forum post), was arrested not even 24 hours after the police began the investigation. They simply traced his IP address—his home IP address. “The accused had not made attempts to hide the digital trail or mask the server he was using. He was working out of his home,” an officer said.

Police said he had stolen the credentials to a Jio billing application from a Jio retailer. The app allowed the user to access the entire Jio database. “At home, the accused designed software [that he used to] transfer data he had obtained from the application on to [magicapk.com],” the officer explained.

jio-hacking.png

jio-hacking.png

“His plan was to create a search engine comprising numbers of cellphone users of all telecom firms,” the superintendent said. “But he had not figured how to acquire data from other firms.”

The non-hacker obtained every Jio subscriber’s data with stolen retail credentials. And that data included, for some customers, the controversial Aadhaar identification number. The responses are currently mixed. Some commenters joked about the search engine notion; some expressed surprise that a simple retailer had complete access; and others simply spoke unfavorably of the push to implement Aadhaar numbers as a digital identity—a data vulnerability on its own—especially with current UDAI database leaks.

Get the latest Bitcoin News on The Bitcoin News
Our Social Networks:
Facebook Instagram Pinterest Reddit Telegram Twitter Youtube