advertisement
In the latest development on the alleged data leak from Mobikwik’s server, the hacker group has now claimed that it has deleted all the users’ data from its servers, and the users are now safe.
This comes after Mobikwik on Tuesday, 30 March, said they would initiate a forensic data security audit. “The company is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit,” a Mobikwik spokesperson had said on Tuesday.
This data breach is claimed to have been done by a group of hackers called the ‘Ninja_Storm’ who have been selling the ‘leaked’ data online since 26 March. According to a post by the hacker group, the data was being sold at 1.5 Bitcoins, which is nearly Rs 63 lakhs.
The site on darknet which was tuned into a data dump where users could check their leaked information has now been shut down. It has now been replaced with a message stating Mobikwik’s data has been deleted.
“All Mobikwik Data is deleted on our servers. All users safe,” reads the message on the website.
On the bottom of the screen, a message by the hacker group reads, “I have been told that I am single-handedly helping India to make better data regulations and to fine companies if they lose user data like GDPR. Didn't expect this outcome when we hosted this site”.
Speculation are rife that this data breach was done ahead of Mobikwik’s IPO launch to malign the company’s reputation.
Responding to this allegation, hackers said, “We are not as ruthless as all those news reporters whose only aim is to destroy the company and report anything without thinking about consequences and to destroy the company's IPO”.
Internet Freedom Foundation has put out a statement backing cyber experts, after MobiKwik threatened legal action against the cyber security researcher who uncovered the breach. “It must immediately be recalled. Policy reform is needed as cyber security researchers face threats of legal prosecution without legislative protection,” read the statement by IFF.
Earlier in the first week of March when cyber expert Rajshekhar Rajaharia revealed the alleged data leak on Twitter stating that the data of 11 crore Indians have been leaked through Mobikwik’s server.
Immediately, on 4 March Mobikwik called the researcher (without naming) ‘media crazed’ and said that the company will take action against him for maligning the brand’s reputation. However, IFF has demanded that such cyber experts should not face threats of any legal prosecution as “they ensure that problems are discovered and fixed and bad people do not end up with our personal data”.
IFF also demanded that payment platform Mobikwik offer an explanation on why such a breach took place, provide details including the number of affected users and the date and time of the breach, besides issuing a statement explaining steps taken to ensure that such a breach does not occur in the future.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)