In what is now believed to be arguably the country’s biggest data leak, sensitive information of nearly 100 million Mobikwik users has been leaked online. This disclosure was made by a cybersecurity researcher Rajashekhar Rajaharia who also notified the Reserve Bank of India, the Indian computer emergency response team, PCI Standards, and payment technology firms, etc. about the leak.
However, the fintech brand has denied any such allegations.
What Transpired?
This alleged data leak has to be taken seriously as it is believed to have exposed sensitive user information like mobile numbers, bank account details, email, and even credit card details of nearly 100 million Mobikwik users. This disclosure was also backed by a French researcher who called it “The largest KYC data leak in the history”.
The hackers emailed the link of the database to the Press Trust of India along with the data of the founders of Mobikwik making the hack more believable.
The data was being sold for 1.5 Bitcoin or about $86,000 with numerous users posted screenshots of the same, validating not only the hack but the sale of its data as well.
Another report claimed that a separate dark web portal had been created with the sole purpose of allowing users to search their data with their registered mobile number or email address, to get specific results out of a total of 8.2 TB of data.
Allegations Denied –
Mobikwik has denied any claims of a data leak and has gone on to say that all accounts and user information are completely safe with them. However, this is not the first time the organization has denied such claims.
A month ago the same security researcher reported these claims which were denied by Mobikwik and they had even announced that they would take legal action against the researcher.
Recent development –
On the 30th of March 2021, Mobikwik released an official statement saying that they have undertaken a thorough investigation with the help of various external security experts and did not find any evidence of a security breach.
Around the same time – the hacker posted a major update stating that they have deleted all the data they have posted online and now the user data is safe with Mobikwik.
What should end-users do in such a situation?
This entire situation has left the end-users in a fix. Consequently, our internal experts have advised users to update their Mobikwik account with new alphanumeric passwords. Setting up eScan’s Two-Factor Authentication is also advised as it provides an extra layer of protection against unauthorized logins.
To read more, please check eScan Blog
