Home Tech and auto ‘No Evidence of Breach’: Mobikwik on Data Leak of 10 Cr Indians

‘No Evidence of Breach’: Mobikwik on Data Leak of 10 Cr Indians

The company also said it is conducting a forensic data security audit and that all accounts are safe.

Mehab Qureshi

Tech and Auto

Updated: 30 Mar 2021, 06:33 PM IST

Mobikwik came under scanner after the data of 10 crore of its users were put up on sale on a hacker forum on the dark internet.

(Photo: The Quint)

Mobile payment platform Mobikwik came under scanner after the data of 10 crore of its users were put up on sale on a hacker forum on the dark web, alleged cyber security researcher Rajshekahar Rajaharia.

This data breach is claimed to have been done by a group of hackers called the ‘Ninja_Storm’ who have been selling the ‘leaked’ data online since 26 March. According to a post by the hacker group, the data is being sold at 1.5 Bitcoins, which is nearly Rs 63 lakhs.

The researcher said that the data of 10 crore Indians, which included KYC (Know-Your-Customer) forms, debit card numbers and other personal details, had been leaked from a Mobikwik server, following which, several users could independently verify their data being leaked on the dark web link that is being circulated on the internet.

Why Is Mobikwik Trending?

On 26 March, a group of hackers created a search engine on the dark site where users can search their leaked information.

A massive data breach has been reported by cyber security experts claiming that the personal data of 10 crore Indians have been allegedly leaked.

Since then lakhs of users took to Twitter and posted screenshots of their data being leaked. Cyber security researcher Elliot Laderson called this leak the ‘largest KYC data leak in the history’. The data dump on the dark net is reported to be around 350GB in size.

What Data Has Been Leaked?

The data is being sold at 1.5 Bitcoins which comes to Rs 63 lakhs(approx).

The alleged data leak includes:

Aadhaar Card number
Pan Card
Selfies
Picture Proof
Credit Card Number
Debit Card Number
E-mail address
Phone Number
Passport Number
Passwords
IP Address
GPS location

Mobikwik to Conduct Forensic Data Security Audit

Responding to the allegations made by several users, a Mobikwik spokesperson said, “As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications, which includes annual security audits and quarterly penetration tests to ensure security of its platform.”

“As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach. The company is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit. For its users, the company reiterates that all MobiKwik accounts and balances are completely safe”, the spokesperson added.

ADVERTISEMENTADVERTISEMENT

What Can You Do Now?

Sharing his thoughts Independent Cyber Security Researcher Sourajeet Majumder told The Quint, “As per this breach, a huge number of people have alleged that they could find their own data in this dump, and thus the best practice for them would be to contact their bank and block the credit cards which they found as a part of this dump”.

Also Read Acer Hit by a $50 Million Ransomware Demand: Should You Worry?

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a membe r. Because the truth is worth it.)

Published: 30 Mar 2021,01:54 PM IST

SCROLL FOR NEXT