Greed for free recharge led hacker to breach Reliance Jio data: Mumbai police

On July 9, a telecom industry portal wrote about the alleged data security issues, following which a probe was launched which resulted in the arrest of Chippa from Rajasthan.

Published: 21st July 2017 11:44 AM  |   Last Updated: 21st July 2017 01:42 PM   |  A+A-

Image for graphical representation only (Reuters)

By PTI

MUMBAI: It was the lure of free recharge after Reliance Jio started charging its customers that led 35 -year-old computer science student Imran Chippa to gain unauthorised access to the company's database systems, a police official said today.

Chippa was arrested last week in connection with the unauthorised access to the Reliance Jio's database.

"Chippa got hold of a forwarded message on a chat application which promised people ways to get free recharges. After clicking on the link provided, he found out an ID and password," the official said.

These credentials are the ones given to Jio vendors to be put in a specially designed mobile application for carrying out transactions like recharges for customers.

The credentials (the ID and password found by him) which the accused got were reportedly of a vendor in Odisha.

However, Chippa, who had earlier appeared for an MCA exam and was searching for a job, could not get the free recharge that he was seeking, the official said.

He put in Jio mobile numbers on the app after gaining access using the credentials and was surprised to get "personal details" of Jio customers, he said.

"This is when an idea to commercially utilise the data stuck him. Using his skills of computer programming, Chippa began developing an app similar to (the app) True Caller and started by creating a web host," the official said.

In that attempt, he created the website - magicapk.com - which was hosted by Andheri-based company Endurance International Group, he said.

According to police, Chippa claimed to provide Jio user data through his website.

He allegedly started to get unauthorised access to Reliance Jio's systems in the first week of July and the company's customer data started to appear on magicapk.com, he said.

Vigilance officials from RJio were shocked to discover the access given to commoners through the website on July 9 at 5.15 pm and continued monitoring the same till 9.30 pm, the police official said.

The vigilance officials then approached the Rabale MIDC police station later with a complaint.

"Since getting unauthorised access to RJio's data, the website magicapk.com had got more than 50,000 hits by viewers," Navi Mumbai's Deputy Commissioner of Police (crime) Tushar Doshi told PTI.

On July 9, a telecom industry portal wrote about the alleged data security issues, following which a probe was launched which resulted in the arrest of Chippa from Rajasthan.

He is a resident of Rajasthan's Sujangarh town.

RJio had earlier said that the claims of the website were "unverified" and "unsubstantiated".

"Prima facie, data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement," it had said.

Jio had said it has "informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken".

Doshi had earlier explained that as part of its regular operations, RJio--whose subscriber base had crossed 100 million within six months of the launch--makes certain data available to its retailers through a website and Chippa gained unauthorised access to the company's servers.

Asserting that this excludes sensitive details like Aadhaar details or PAN numbers, Doshi said one was able to get a RJio subscriber's name, email ID, SIM activation date, telecom circle and alternate number by putting the RJio number in the search command.

Reliance was one of the first operators to add customers solely on the basis of Aadhaar details as address and identity proof. Later, the government made it mandatory for all new connections to be activated against Aadhaar details.

The presence of Aadhar details, which includes biometrics, had raised concern in certain quarters after the data breach came to light.

Stay up to date on all the latest Nation news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp