Mobikwik is a payment app similar to Paytm and PhonePe in India. This app has encountered a data breach with leaked information of up and close to around 3.5 million users. This sensitive information leaked consists of KYC details, addresses, phone numbers, Aadhar card data of the users. The sad part about this leak is the data is up for sale on the Dark Web which is frightening.
Besides, a security researcher claimed that the data of 3.5 million Mobikwik users were put up for sale on the dark web. The payment app currently is under the scanner since Monday. A dark web link is being circulated on the internet and some of the users have even spotted their data on the link. Moreover, the security researcher named Rajshekhar Rajaharia has first spotted this data breach.
Rajshekhar Rajaharia, the security researcher on the breach said in February that “6 TB KYC Data and 350GB compressed MySQL dump. That has 11 Crore Indian Cardholder’s Cards Data Including personal details. The leaked data includes softcopies of KYC such as PAN card and Aadhaar card details from the company server.
Mobikwik Data Breach and Company’s Take on the Data Leak
Although, Mobikwik is denying the fact that a data breach has taken place. They concluded that
Some security researchers have repeatedly attempted to present concocted files wasting precious time of our organization. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure
– a Mobikiwk Employee.
Moreover, many Twitter users have been posting pictures of the seller asking for 1.5Bitcon which is approx. Rs 63,20,535 and is promising to delete all the data after the transfer of the amount. The bug that caused WhatsApp group invites to appear in Google searches earlier this year was flagged by Rajshekhar Rajaharia. He even disclosed the data breach in the Bharti Airtel server.
The Bharati Airtel server breach consisted of More than 2.5 million customers’ details. This includes phone numbers and Aadhaar details leaked online. Besides, Not only he but a French hacker Robert Baptiste alias Elliot Alderson on Twitter has posted a tweet quoting,
Probably the largest KYC data leak in history. Congrats Mobikwik…
Moreover, the company is denying the data breach where we lose trust in these types of firms that are not accountable for users’ data.
The detailed list of information that got leaked from Mobikwik’s server is a Total of 350GB MySQL dumps – 500 databases. Data of 99 million users with email ID, phone, passwords, addresses, apps installed, phone manufacturer, IP address, and GPS location. Card details of 40 million with 10 digit card, month, year, card hash. Approximately, 7.5 TB of 3 million Merchant KYC data which include passports, Aadhar cards, pan cards, selfies, store picture proof, and more used to get loans on the mobile phone-based payment system.