Cybersecurity experts have reported a huge Mobikwik data breach in which the data of over 3.5 million Mobikwik users has been put up for sale on the dark web. The breach was first reported by an independent researcher and was later corroborated by other data security experts. However, the company has vehemently denied the allegations and has accused the researchers of being “media crazed”.
What is this Mobikwik Data Breach all about?
The data breach was first tweeted by the independent security researcher Rajshekhar Rajaharia, and he was later backed by the French cybersecurity expert Elliot Alderson. The details were further backed by another independent security researcher, Avinash Jain. Rajaharia's claims have also been backed by the Australian web security researcher Troy Hunt, creator of ‘Have I Been Pwned’.
Again!! 11 Crore Indian Cardholder’s Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company’s Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k
— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
His claims were further backed by the French expert:
This leak was known for a long time… https://t.co/gS65YmYGyx
— Elliot Alderson (@fs0c131y) March 29, 2021
What was the quantum of the data that was breached?
According to the reports, the leaked data is over 8.2 TB in size and belongs to millions of MobiKwik users.
The details available for sale on the dark web include:
- Customer names,
- Hashed passwords,
- Email addresses,
- Residential addresses,
- GPS locations,
- List of installed apps,
- Partially-masked credit card numbers,
- Connected bank accounts and associated account numbers, and
- Know your customer (KYC) documents of 3.5 million users.
Mobikwik Denies the Data Breach Reports
Mobikwik has vehemently denied the reports of any data breach. The company put the blame squarely on the independent researcher and called him media crazed.
The spokesperson for the Gurugram-based fintech company stated that
The Australian security expert immediately took MobiKwik to task and was quick to point out how MobiKwik was trying to save face:
Never *ever* behave like @MobiKwik has in this thread from 25 days ago. Try Googling “mobikwik data breach” now… https://t.co/L5E4xc1ey0
— Troy Hunt (@troyhunt) March 29, 2021
Mobikwik also put out a tweet from its CEO on 30th March 2021, which claimed that the data breach reports were not genuine.
You can check the actual tweet from CEO Bipin Preet Singh at this link.
The data has been made available for sale on the dark web for a payment of 1.5 Bitcoin (approx. Rs 63,20,535), and the seller has promised to delete all the data after the transfer of the amount.