Since there is an ongoing coronavirus pandemic over the whole world, many governments and organisation had developed apps and website to track COVID-19.
For the same, India's largest telecom network Jio, had also launched its coronavirus self-test symptom checker app in the month of March. The symptom checker allows anyone to check their symptoms from their phone or Jio’s website to see if they may have become infected with COVID-19.
Security researcher Anurah Sen had discovered the core database of symptom checker on May 1, that was open for everyone without any authentication. The exposed database notification was first reported by TechCrunch, where they notify to Jio Team. In response to TechCrunch, Jio immediately pulled off the database.
“The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms.” - Jio spokesperson told.
According to the TechCrunch, the exposed database contains millions of logs and records starting April 17. It also contained a running log of website errors and other system messages, it also ingested vast numbers of user-generated self-test data. Each self-test was logged in the database and included a record of who took the test — such as “self” or a relative, their age, and their gender.
Furthermore, the database also includes details like users-agents, browser version and operating systems.
The database also contains records of the users who signed up for a profile allowing users to update their symptoms over time. It also includes the question and answer of the users asked by symptoms checker including what symptoms they are experiencing, who they have been in contact with, and what health conditions they may have. There was also a location data of users in the database in the latitude and longitude format.
Currently, the database had been pulled offline but there is no further statement from Jio side.
Credit/Image: TechCrunch
For the same, India's largest telecom network Jio, had also launched its coronavirus self-test symptom checker app in the month of March. The symptom checker allows anyone to check their symptoms from their phone or Jio’s website to see if they may have become infected with COVID-19.
Security researcher Anurah Sen had discovered the core database of symptom checker on May 1, that was open for everyone without any authentication. The exposed database notification was first reported by TechCrunch, where they notify to Jio Team. In response to TechCrunch, Jio immediately pulled off the database.
“The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms.” - Jio spokesperson told.
According to the TechCrunch, the exposed database contains millions of logs and records starting April 17. It also contained a running log of website errors and other system messages, it also ingested vast numbers of user-generated self-test data. Each self-test was logged in the database and included a record of who took the test — such as “self” or a relative, their age, and their gender.
Furthermore, the database also includes details like users-agents, browser version and operating systems.
The database also contains records of the users who signed up for a profile allowing users to update their symptoms over time. It also includes the question and answer of the users asked by symptoms checker including what symptoms they are experiencing, who they have been in contact with, and what health conditions they may have. There was also a location data of users in the database in the latitude and longitude format.
Currently, the database had been pulled offline but there is no further statement from Jio side.
Credit/Image: TechCrunch