India’s Biggest Mobile Operator left COVID-19 Self-Test data unsecured

Jio, the Indian mobile giant Facebook just bought a 9.9 percent stake in, maybe at the center of its own privacy snafu. According to TechCrunch, the company didn’t secure a database connected to a COVID-19 symptom checker it launched in March. Security researcher Anurag Sen found this database who then passed on the information to Jio. 

The database contained logs running from April 17th through to when Jio was informed of the breach and took the information down. It reportedly contained self-test data, including people’s family relationships, age, gender, and symptoms that could be linked to their wider online activity. More troubling is that the records, in some cases, included location data that could be used to find their home addresses. 

After being notified, the database was taken down, and a Jio spokesperson told TechCrunch that the logging server was only to monitor the website’s performance. The spokesperson added that the company had taken “immediate action” in taking the website down.