A new vulnerability has been found out by an independent researcher that exposes all its JioMoney users’ private data. The vulnerability allows fetching users’ private data like Aadhaar numbers along with other crucial details.
C.S Akshay, an independent security researcher, starting digging deep into JioMoney code when the customer cares support was not able to solve a grievance. During his testing, he found out a way to get a hold of users private data like date of birth, JioMoney MPIN, documents used and number along with when the user verify the SIM card and more.
A security just found a critical vulnerability with JioMoney. He could access #Aadhaar number of anyone with just phone number. @jiomoneycare seems to have reached out and fixed it https://t.co/pHZflgCwwX https://t.co/DzSojR4rNz pic.twitter.com/y4SuEmbaym
— Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) July 3, 2018
“Absolutely irritated, I messed with Jio Money with [which] the issue resided and boom,” Akshay said, “a vulnerability was discovered!” he tweeted. However, he, later on, deleted the tweet after getting a call from Jio.
Interestingly, Jio was quick to defend it stating that it is just mischievous attempts to malign their services. “ We have come across an unverified and unsubstantiated claim of personal data of JioMoney users being exposed. We confirm that there is no such issue in JioMoney. Prima facie, the claims appear to be mischievous attempts to malign our services. We assure our users that their data is safe and maintained with the highest security,” the company said in a statement to Medianama.