Reliance Jio Claims Customer Data Leak 'Inauthentic', Users Say It's Real

On Sunday evening, a website called "magicapk.com" surfaced that reportedly contained the personal data of millions of Reliance Jio users.

New Delhi:  A website that reportedly contained the personal data of millions of Reliance Jio users surfaced on Sunday evening and crashed later that night presumably due under a high load of web traffic.

At roughly 6 pm on Sunday, a website called “magicapk.com” started making its way through various Indian social media channels including Twitter, WhatsApp and Reddit India. The website, which came with a simple user interface as shown above, simply asks visitors to enter a Reliance Jio mobile number to get access to “Jio sim details”.

Throughout the evening, the authenticity of some of the leaked data was confirmed by users online as well as tech website Fonearena.

It should be noted that the scale of this data breach is unclear at this point: when The Wire tried searching for a few Reliance Jio numbers, no results or personally identifiable information turned up.

When contacted, a Reliance Jio spokesperson pointed out that “prima facie, the data appears to be unauthentic”.

“We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken,” a company spokesperson said.

However, as pointed out above, multiple Reliance Jio customers confirmed online that their data had indeed been leaked and that the data leak was in part authentic. This, according to multiple cyber security experts, throws some doubt on the company’s steadfast denial.

By 11 pm on Sunday, and as of the time of publishing this article, the MagicaPk website had crashed and visitors looking to figure out if their data had been leaked were denied such an opportunity.

Instead, visitors were greeted with an announcement that “this account has now been suspended”, presumably by the website’s hosting service provider.