MobiKwik, the payments company, came under fire on Monday after a security researcher reported that the crucial data of millions of users had been sold on the dark web. According to the researcher, the crucial information of 3.5 million users was put up for sale on the dark web, including KYC details, addresses, phone numbers, Aadhar card data, and other personal information. Several users claim to have discovered their personal information on a dark web link is circulating on the Internet.
Discovery of Data Leak
In February, security researcher Rajshekhar Rajaharia discovered the data breach. He said “11 Crore Indian Cardholder’s Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company’s Server in India. 6 TB KYC Data and 350GB compressed mysql dump,”
Another security researcher by the name of Elliot Alderson shared screenshots of the MobiKwik breach on Twitter. It was the “largest KYC data leak in history,” he said.
Data Breach
According to a TechNadu article, users’ email addresses, phone numbers, passwords, installed applications, phone manufacturer, IP address, GPS locations, and other information was revealed. The alleged seller has also set up a dark web portal According to a TechNadu article, users’ email addresses, phone numbers, passwords, installed applications, phone vendor, IP address, GPS locations, and other information was revealed. The alleged seller has also set up a dark web portal “where one can search by phone number or email ID and get the specific results out of a total of 8.2 TB of data.”
MobiKwik refuted Rajshekhar’s claims in February, but a web link from the dark web was reportedly discovered online on Monday. On the dark web, users claimed to have seen their personal information. Several users have exchanged screenshots of MobiKwik users’ data on the dark web, which was for sale. According to a news report, the data was sold for 1.5 bitcoin, or $86,000.
Denial of Data Breach
MobiKwik, on the other hand, has flatly refuted Rajaharia’s allegations. A spokesperson of MobiKwik said, “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.”