MobiKwik came under fire after 8.2 TB of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month.
The leaked data includes sensitive personal information such as:
- customer names,
- hashed passwords,
- email addresses,
- residential addresses,
- GPS locations,
- list of installed apps,
- partially-masked credit card numbers,
- connected bank accounts and associated account numbers, and
- know your customer (KYC) documents of 3.5 million users.
Even credit card info also got breached I’m which Mobikwik is not removing the details violating the government regulations, where RBI prohibits online Merchants from storing card details, new set of rules due for effects later this year
MobiKwik serves nearly 120 million users The data leak site, which is accessible via Tor browser and boasts of 36,099,759 records, came online after the digital wallet company vehemently denied the incident
“A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention,” MobiKwik said “We thoroughly investigated his allegations and did not find any security lapses. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company.”
More users have confirmed to the contrary, finding their personal details in the “MobiKwik India data leak” site, lending credence to the breach.
The compromise was originally advertised in a database leaking forum on February 24, with a hacker claiming access to 6TB data from an unnamed Paytm competitor.
It appears that after Researchers disclosed the leak, outed the company’s identity, and warned MobiKwik over email, the firm simultaneously took measures to stop the hacker from downloading the data