Mobile payment platform Mobikwik came under the scanner after the data of 10 crore of its users was put up for sale on a hacker forum on the dark web, cyber security researcher Rajshekhar Rajaharia alleged.
The breach is claimed to be the work of a hacker group called ‘Ninja_Storm’, which has been selling the ‘leaked’ data online since 26 March. According to a post by the group, the data is being sold for 1.5 Bitcoin, which is nearly Rs 63 lakhs.
The researcher said that the data of 10 crore Indians, including KYC (Know-Your-Customer) forms, debit card numbers and other personal details, had been leaked from a Mobikwik server. Following this, several users could independently verify that their data had been leaked via the dark web link that is being circulated on the internet.
Why Is Mobikwik Trending?
A massive data breach has been reported by cyber security experts, who claim that the personal data of 10 crore Indians has allegedly been leaked.
Since then, lakhs of users have taken to Twitter and posted screenshots of their leaked data. Cyber security researcher Elliot Alderson called this leak the ‘largest KYC data leak in history’. The data dump on the dark net is reported to be around 350GB in size.
What Data Has Been Leaked?
The alleged data leak includes:
- Aadhaar Card number
- PAN Card
- Picture Proof
- Credit Card Number
- Debit Card Number
- E-mail address
- Phone Number
- Passport Number
- IP Address
- GPS location
Mobikwik to Conduct Forensic Data Security Audit
Responding to the allegations made by several users, a Mobikwik spokesperson said, “As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications, which includes annual security audits and quarterly penetration tests to ensure security of its platform.”
“As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach. The company is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit. For its users, the company reiterates that all MobiKwik accounts and balances are completely safe”, the spokesperson added.
What Can You Do Now?
Sharing his thoughts, independent cyber security researcher Sourajeet Majumder told The Quint, “As per this breach, a huge number of people have alleged that they could find their own data in this dump, and thus the best practice for them would be to contact their bank and block the credit cards which they found as a part of this dump”.