Reliance Jio launched its Covid-19 symptom checker tool back in March this year to help its users identify if they have been infected with the virus. Now, a report says that one of the databases containing the results of users’ Covid-19 tests may have been exposed online without a password.
According to a report by TechCrunch, a security lapse in one of the tool’s core databases exposed the users’ test results on the internet without a password. The security lapse was first detected by security researcher Anurag Sen on May 1, who then contacted the publication about the flaw. Reliance Jio took its database offline soon after it was informed about the bug.
The leaked database, as per the report, contains millions of logs between April 17 till the time the database was taken offline. It contained details of who took the test (self or a relative with their age and gender) and records of people who signed up to create a profile. These records contain answers to all the questions asked by the tool, which includes users’ symptoms, what health conditions they may have and who they have been in contact with.
In some cases, the record also showed users’ precise location with most of them being in cities like Mumbai and Pune. Some records also belonged to people in North America and the United Kingdom.
Reliance Jio has taken the database offline.
“We have taken immediate action…The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms,” a Reliance Jio spokesperson said in a statement to the publication.