#LeakAlert: Data from Jio's COVID-19 symptom checker exposed online

Like all available self-assessment tools, Jio's "Symptom Checker" also uses user inputs - like details of their health condition and travel history - to assess the risk of infection.

It launched late in March as part of the MyJio app, but just within two months of operation, a security lapse leaked a core database associated with the tool on the internet, without a password.

Discovered by security researcher Anurag Sen on May 1, the database in question contained website errors, system messages, and logs of user-provided information, TechCrunch reported.

This basically included test answers, like basic details of the person being checked - self/relative with age and gender - the symptoms they may have been witnessing, details of their pre-existing health conditions, and close contacts.

Along with the information that users had to provide to take the symptom checker test, the leaked database also contained information on their browser version and operating system.

And, if they had also given location permissions, the logs also displayed precise geolocation data - longitudes and latitudes - that could easily be used to figure where those people lived.

After Sen reported the exposure of the database to TechCrunch, the outlet notified Jio about the error, prompting the company to act quickly and pull it offline.

A spokesperson from the company issued a statement acknowledging the security lapse publicly but they did not clarify whether anyone else except Sen was able to access the database or if affected users would be informed.