Millions of Mobikwik user’s personal data has been leaked and is kept on sale on the Darknet. On Monday, the Payment app MobiKwik has come up in the news for alleged data leaks of the users including the Aadhaar card number, Pan Card, KYC details, addresses, and phone numbers. Around 8.2 terabytes (TB) of data has been leaked on the dark web.
Biggest Data Breach Ever From Indian Tech Company MobiKwik
Technadu was the first to report the data lead, the seller of the data has set up a dark web portal where one can search for a phone number or email ID. This can be useful for the attackers to hit the targets. Moreover, the leaked data can be bought for 1.5 Bitcoin.
It is said that this is the biggest data leak from an Indian tech company, as this data breach has impacted 100M users. This will give an impact on Mobikwik’s individual as well as Merchant’s customers.
However, the Gurugram-based fintech platform denies the data breach, says the data of their company and users are completely safe and secure.
The independent cybersecurity researcher Rajshekhar Rajaharia first spotted the data leak. It is said that the data contains 350GB of MySQL dumps or 500 databases, 99 Mn email, phone numbers, passwords, addresses, IP address, GPS Location, and data related device, 40M records of card numbers, expiry dates, card hashes, and more.
Indian payment systems giant "Mobikwik" allegedly suffered what may be considered the largest KYC data leak in history.
— Alon Gal (Under the Breach) (@UnderTheBreach) March 28, 2021
Earlier this month, on March 4, the security researcher Rajshekhar Rajaharia posted a tweet, and said, 11 crores of Indian cardholder data is leaked from the MobiKwik server. And many users confirmed that their data was available online.
Apart from data, it also has passports, Aadhaar cards, PAN cards, selfies, photo proof, and more. Almost all the important information that Mobikwik uses to furnish loads to the customers.
In a statement, Mobikwik said,
“Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.”
The list of documents that are available on the dark web:
- Total 350GB MySQL dumps – > 500 databases
- 99 Million, Emial ID, Phone, Passwords, Addresses, Apps, IP Addresses, GPS Location, and phone manufacturer.
- 40 Million, Card number, month, year, and card hash
- 7.5 TB of 3 million KYC data i.e, passports, Aadhar cards, pan cards, proof photos, selfies, and more details that are being given while taking loans.
For the past two years, the number of data leaks has been increasing in India. Last year, the BigBasket user’s data was on sale on Dark Web for over $40,000. Then in May, Edutech startup Unacademy user’s accounts were leaked.