
‘No Evidence of Breach’: Mobikwik on Data Leak of 10 Cr Indians

The company also said it is conducting a forensic data security audit and that all accounts are safe.


Mobile payment platform Mobikwik came under the scanner after the data of 10 crore of its users was put up for sale on a hacker forum on the dark web, cyber security researcher Rajshekhar Rajaharia alleged.

The breach is claimed to be the work of a hacker group called ‘Ninja_Storm’, which has been selling the ‘leaked’ data online since 26 March. According to a post by the group, the data is being sold for 1.5 Bitcoins, which is nearly Rs 63 lakh.

The researcher said that the data of 10 crore Indians, which included KYC (Know-Your-Customer) forms, debit card numbers and other personal details, had been leaked from a Mobikwik server. Following this, several users could independently verify that their data was in the leak through the dark web link being circulated on the internet.


Why Is Mobikwik Trending?

A massive data breach has been reported by cyber security experts, who claim that the personal data of 10 crore Indians has allegedly been leaked.

Since then, lakhs of users have taken to Twitter and posted screenshots of their leaked data. Cyber security researcher Elliot Alderson called this leak the ‘largest KYC data leak in history’. The data dump on the dark net is reported to be around 350GB in size.

What Data Has Been Leaked?

The alleged data leak includes:

  • Aadhaar Card number
  • PAN Card
  • Selfies
  • Picture Proof
  • Credit Card Number
  • Debit Card Number
  • E-mail address
  • Phone Number
  • Passport Number
  • Passwords
  • IP Address
  • GPS location

Mobikwik to Conduct Forensic Data Security Audit

Responding to the allegations made by several users, a Mobikwik spokesperson said, “As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications, which include annual security audits and quarterly penetration tests to ensure security of its platform.”

“As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach. The company is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit. For its users, the company reiterates that all MobiKwik accounts and balances are completely safe”, the spokesperson added.

What Can You Do Now?

Sharing his thoughts, independent cyber security researcher Sourajeet Majumder told The Quint, “As per this breach, a huge number of people have alleged that they could find their own data in this dump, and thus the best practice for them would be to contact their bank and block the credit cards which they found as a part of this dump.”
