Police have detained Imran Chhimpa from Sujangarh town in Rajasthan on suspicion of being involved with Reliance Jio user’s data leak, reports Reuters. The report mentions that a post (from Wednesday, July 5) on the online message board Ferndz4m, by a person using the handle ‘imranchhimpa’ and linked to Chhimpa’s Internet Protocol (IP) address, provided a link to the website in question – magicapk.com – and claimed that one could access personal user details of Jio customers on the site. The post also claimed that the data was gathered from original documents. The post thread seems to have been locked now. Police have acquired the installation address of Chhimpa’s IP address from the local Internet service provider in Sujangarh.
While Reliance Jio has said that it is investigating the leak and has informed law enforcement agencies, it continues to maintain its initial stance that these are “unverified and unsubstantiated claims”, and “the data appears to be unauthentic”.
Earlier, on July 9, a website called Magicapk.com went online, allowing anyone to search for user identification data (Know Your Customer; KYC) of Reliance Jio customers. It had the following KYC information: Name, Mobile number, Email address, Date of activation, Circle and Aadhaar number, but thankfully, the Aadhaar information was redacted. MediaNama independently verified this data for multiple Jio numbers, and the data was accurate for these numbers. The website was eventually taken down by its hosting provider shortly after 11pm on July 9.
— Troy Hunt (@troyhunt) July 10, 2017
The website was registered two months ago, and the individual who registered the domain has apparently chosen not to make their identity public. A previous version of the website cached last month by Google shows a simple message: “coe back soon [sic]”.