(with inputs from Aroon Deep) Last night, a website called Magicapk.com went online, allowing anyone to search for user identification data (Know Your Customer; KYC) of Reliance Jio customers. It had the following kyc information: Name, Mobile Number, Email address, Date of activation, Circle and Aadhaar number, but thankfully, the Aadhaar information was redacted. MediaNama independently verified this data for multiple Jio numbers, and the data was accurate for these numbers. Numbers for other telecom operators did not work. Several users have also uploaded screenshots of actual data online, which we won't be linking to. Jio is in denial Reliance Jio, however, has sent us a statement, saying that these are "unverified and unsubstantiated claims", and "the data appears to be unauthentic". Frankly, given that we verified the data for multiple users, as have others, this claim is simply not true. Some users are reporting that data for newer numbers is not available. Update: Do check Troy Hunt's "The 5 stages of Data Breach Grief". The website was taken down by its hosting provider yesterday shortly after 11pm. However, that doesn't mean that the data has not been leaked, nor does it mean that the data can still be made available online. Whoever has this data can easily create another random website, and put the same site up. The breach appears to be real. Jio is yet to respond to the following questions 1. How is the user data stored by Jio 2. Whether the data is encrypted when stored…
