wordpress blog stats
Connect with us

Hi, what are you looking for?

, , , , ,

Vulnerability exposed JioMoney users’ Aadhaar numbers

A vulnerability in Reliance Jio’s JioMoney wallet app exposed personal data of JioMoney users, according to an independent security researcher. Users’ Aadhaar numbers were exposed, along with details like their date of birth, when they verified their SIM card, and their JioMoney account MPIN.

MediaNama reached out to Jio for comment, and in response they have sent the following statement:

“ We have come across an unverified and unsubstantiated claim of personal data of JioMoney users being exposed. We confirm that there is no such issue in JioMoney. Prima facie, the claims appear to be mischievous attempts to malign our services. We assure our users that their data is safe and maintained with highest security.”

C.S. Akshay, the researcher, started scrutinizing JioMoney’s code when the service’s customer support was unable to resolve a grievance. “Absolutely irritated, I messed with Jio Money with [which] the issue resided and boom,” Akshay said, “a vulnerability was discovered!” Akshay put up a microsite where these details could be auto-fetched, but took it down — and deleted his tweets on the subject — after getting a call from Jio.

While Jio does not publish details about how many users are enrolled on JioMoney, the company encourages all its subscribers to download the entire Jio suite of apps, which includes JioMoney.

Advertisement. Scroll to continue reading.

JioMoney partners

JioMoney also runs a payments bank, and is partnered with several insurance companies that lets users make premium payments. It also has partnerships with Uber, Sodexo, Snapdeal and Dominos Pizza. The payments app is similar to Paytm in many ways, and is subject to RBI oversight on payments banks security. It’s unclear if this incident has reached the RBI’s radar.

ReadJioMoney wallet launched; dormant accounts maybe charged maintenance fee

Not the first time

This is not the first time Jio has had a vulnerability in its app ecosystem that exposed the data of users. In 2017, Imran Chhimpa, a small-town coder in Rajasthan, figured out a way to auto-fetch Jio users’ details from their phone numbers with a login to a Jio app used by retailers. Chhimpa wanted to do the same for other telcos’ subscribers as well, but hadn’t figured out how. He was later arrested, after he created a website that allowed people to search for Jio phone numbers and get personal data in return. It’s not clear if Chhimpa had customers’ Aadhaar numbers, because even though the website he created had a field for Aadhaar numbers, it doesn’t seem to have turned up any Aadhaar numbers in practice.

Advertisement. Scroll to continue reading.
Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

India and US come to terms on how to deal with the equalisation levy in light of the impending Global Tax Deal.

News

Find out how people’s health data is understood to have value and who can benefit from that value.

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ