The 24-year old man who was arrested from Rajasthan on Tuesday for making the data of 120 million Reliance Jio users public on a website allegedly wanted to create a search engine by compiling data from all telecom service providers in India.
According to a report by Indian Express, the accused was arrested after the Maharashtra Cyber Department traced the Internet Protocol address of the website on which he uploaded the data.
The accused, Imran Chhimpa is from Churu town, and holds a Masters in Computer Application.
“The accused had not made attempts to hide the digital trail or mask the server he was using. He was working out of his home,” a senior police officer told IE.
The police say that Chhimpa acquired the user name and password of a Jio retailer and used it to access a mobile application using which retailers make recharges for customers. The application gives retailers access to the firm’s database.
“At home, the accused designed a software, which he used to transfer the data he had obtained from the application on to the website,” the officer told IE.
Once he gained access to names, phone numbers and e-mail addresses of customers, he designed the website in such a way that visitors could search for names or phone numbers of Jio’s 120 million customers.
“To operate the search engine, you would have to know either the name or phone number of a customer. And the most you could learn from search results was the region in which the customer’s phone was active,” the officer told IE.
While he wanted to make a database of users from all telecom operators, he couldn’t find a way to get data from other firms.
Police are now looking into what software Chhimpa used to transfer the data from Jio.
The leak became public on July 9 as many tried and tested the website Magicapk, and details of Jio users appeared. However, the website was taken down in a few hours.
When contacted during the leak, a Jio spokesperson said that the claims were ‘unverified and unsubstantiated’ and that the data appeared to be unauthentic.
“We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken,” the spokesperson said.