India's biggest mobile carrier left COVID-19 self-test data unsecured

Daniel Cooper
Senior Editor
India JIO mobile

Jio, the Indian mobile giant Facebook just bought a 9.9 percent stake in, may be at the center of its own privacy snafu. According to TechCrunch, the company didn’t secure a database connected to a COVID-19 symptom checker it launched in March. Security researcher Anurag Sen found this database, and alerted our sister publication, who then passed on the information to Jio. 

The database contained logs running from April 17th through to when Jio was informed of the breach and took the information down. It reportedly contained self-test data, including people’s family relationships, age, gender and symptoms that could be linked to their wider online activity. More troubling is that the records, in some cases, included location data that could be used to find their home addresses. 

After being notified, the database was taken down, and a Jio spokesperson told TechCrunch that the logging server was only to monitor the website’s performance. The spokesperson added that the company had taken “immediate action” in taking the website down.