You are reading it here first: At least a hundred Indians interested in buying the PlayStation 5 might have to shell out more than just money. Reliance Digital took out a pre-registration survey of people who were interested in purchasing the game console, but in the process, left their names, email addresses and phone numbers exposed. Reliance Digital took the survey down after MediaNama reached out to them asking if they were aware of this. The company did not respond to our queries.

At the time of publishing, more than 800 people had taken the survey, and MediaNama could see personal details of around a hundred people. The survey was being run on a Google Form, and after taking the survey, an option popped up to see others’ responses. When we clicked on the option, the webpage was redirected to responses submitted by other participants in the survey, where their personal details were displayed. It was also possible to see user details as Reliance Digital appears to have “published” responses to the form by having lax privacy settings on the form.

Aside from exposing users’ personal data, the survey webpage also exposed commercial data on the demand for the PlayStation 5 hardware, software and peripheral devices. This included details about when people are likely to purchase the device, when it eventually launches in India, the additional accessories people are likely to purchase, and whether they will buy a PS Plus membership, which allows for multiplayer gaming on many titles.

Some examples of the kind of commercial intelligence data that the survey left exposed:

Charts generated on Google Forms by Reliance Digital’s exposed survey results.

MediaNama has also reached out to Sony to understand whether users’ data was being handled by Reliance Digital in accordance to Sony’s privacy policy. Cybersecurity company Kaspersky said earlier this month that it had found over 130 suspicious resources online claiming to sell the PlayStation 5 at a much lower price than the retail price, indicating a growing number of scam attempts to push the console. The PlayStation 5 is out of stock nearly everywhere, and has not yet been launched in India. But there is nevertheless high consumer interest, with a “steady” amount of demand from Indians paying twice the Indian official price to snag a unit in India, according to a report by The Mako Reactor. Exposure of users’ contact information like Reliance Digital’s may have given scammers an in to exploit the console’s fervent demand by letting them fraudulently solicit desperate consumers.

In response to our queries, a Sony spokesperson sent us the following statement:

“Thank you for bringing this to our notice, we have shared this information with Reliance to take necessary action. Sony India follows strict privacy protocols to safe guard its customer data.”

Poor data security practices

This is not an isolated instance where data of Indians was left exposed owing to poor data security practices adopted by companies:

  • Earlier this month, data of over 2 crore BigBasket users, including their names, email IDs, password hashes, pin, and contact numbers, among others, was leaked and is being sold on the dark web.
  • In October, PTI was hit with a ransomware attack that forced the news agency to suspend its publishing services for several hours.
  • In August, a breach at ticketing and travel website RailYatri exposed details of over 700,000 users. The leaked details included sensitive details such as travel itineraries, and financial data such as credit and debit card information and UPI Ids.

Aroon Deep contributed reporting.

*Update at 7:24 PM: Updated with statement from Sony’s spokesperson.

Also read: