Millions of User-Generated Data At Stake
The rapid spreading of Novel Coronavirus has led many tech companies to come forward and contribute in their part. One such play is by Jio, led by India’s wealthiest man Mukesh Ambani and his firm, Reliance. Jio is India’s largest telecom service with over 370+ million followers; it’s a new feature for checking COVID-19 symptoms that were visited by millions since its launch. And the database of this information was just left online without any password! Anurag Sen, a security researcher who found the database first, has informed TechCrunch to be notified to Jio. And when TechCrunch did check and told, Jio pulled down the system that’s hosting the database. The feature, COVID-19 symptom checker, is a limited tool accessible through the web browser and in Jio’s app. Users can answer simple questions about their recent activity to know the potential exposure to any Coronavirus patients. The database, which is user-generated self-test data, also includes a portion of data relating to the user device’s OS, browser version, and exact geo-location, if provided by the user. Apart from these, there’s personally identifiable information by those who’ve logged via the app. Upon informing Jio spokesperson, Tushar Pania said the logging server was meant to monitor the performance of their website. While there’s no data breach or abuse detected by anyone till now, it’s suggested to clear that site cookies to avoid being caught by browser info. Further, there symptom checker page also has the information from health authorities, daily statistics, nearby test centers list, and helpline to aid citizens about information regarding the virus. Via: TechCrunch
