Monday, February 10, 2025
Homecyber securityReliance Jio's Coronavirus Symptom Checker App Exposes Users Data Online Due to...

Reliance Jio’s Coronavirus Symptom Checker App Exposes Users Data Online Due to Security Error

Published on

SIEM as a Service

Follow Us on Google News

A security error with Reliance Jio’s Coronavirus Symptom Checker App exposes its core database to the Internet without a password.

The COVID-19 symptoms checker app was launched by India’s largest cell network provider Jio in late March, this app allows users to check from their phone for COVID-19 infection.

Jio Symptom Checker Database Leaked

The security error was first observed by security researcher Anurag Sen on May 1 and contacted TechCrunch to notify the company.

TechCrunch contacted Reliance Jio and the database contains reports of users’ Covid-19 tests that were taken offline quickly.

The leaked database includes millions of results starting from April 17 to the time it was taken offline.

It includes details of users such as age, gender, symptoms, and health data of the people who signed in to create a profile.

The database also contains details such as a person’s user agent, user’s precise location if they allowed the app to track the location.

Based on Samples obtained by TechCrunch

Based on the sample obtained, TechCrunch confirms they able to identify users’ home location based on the latitude and longitude records that present in the database.

Most of the users found to be from Mumbai and Pune, few users signed up from the United Kingdom and North America.

“We have taken immediate action,” said Jio spokesperson Tushar Pania. “The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms.”

The company not provided any details about how it informs the users about this security error.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...