- Independent researchers allege that KYC details of nearly 11 crore Indian MobiKwik users have been leaked on the Dark Web, including high-profile tech company founders' data.
- The alleged breach contains 8.2TB of data, including phone numbers, emails, passwords, addresses, bank accounts, and card details of users, available for 1.5 Bitcoin on the Dark Web.
- MobiKwik denies the breach, but users are advised to switch off international transactions, lower domestic transaction limits, and possibly block affected cards to protect their data.
If you have ever saved or used a card on MobiKwik, this news is for you! Independent cybersecurity researchers have alleged that a database containing KYC details of nearly 11 crore Indian users of MobiKwik is leaked on the Dark Web.
It was first tweeted by independent cybersecurity researcher Rajshekhar Rajaharia and then by French researcher Elliot Alderson on Monday. Alderson tweeted โProbably the largest KYC data leak in historyโ along with a screenshot of the blacked-out leaked data list on the darknet. โPersonal data of several high-profile Indian tech company founders were found in the compressed data dump,โ Rajaharia said!
Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k
— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
It is assumed that the alleged breach includes 8.2TB of data containing phone numbers, emails, hashed passwords, addresses, bank accounts, and card details of MobiKwik users. It also consists of 99 million mail, phone passwords, addresses, and data of other installed apps, IP addresses, and GPS locations.
According to the researchers, the entire breached database is available for 1.5 Bitcoin on the Dark Web. The seller has set up a dark web portal where anyone can search by phone number or email ID and get the results from the 8.2 TB of breached data. It is done to authenticate the data. Also, the seller has promised to delete the data once the payment is made. Back in 2017, we have covered the same storyย Major Security Flaws on Popular Mobile Wallets (Digital Wallets Scam)
However, MobiKwik has denied any such breach. โSome media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,โ the company said!
https://t.co/D0zx8Y548Q Data Leak โ 2021
Mobikwik has suffered a data breach which has exposed 99Million Indian Users details of total 8TB data which includes:
โข Email
โข Phone
โข Aadhar Card
โข Pan Card
โข Debit/Credit Card
โข Other KYC document
Kindly change your passwords pic.twitter.com/5X1FeZSpYh— XploitWizer (@XploitWizer) March 28, 2021
Thus, if you have ever used or saved a card on MobiKwik, then you should immediately turn off international transactions while reducing the limit for the domestic transactions. If possible, you must block that particular card.
IT IS ADVISED TO ALL MOBIKWIK USERS TO KEEP A CLOSE WATCH ON THEIR DEBIT CARDS TRANSACTION THAT was LINKED WITH THEIR MOBIKWIK ACCOUNT
Nearly 9 crore users below information are leaked ?
1. Mobikwik Account Phone Numbers
2. Your full name
3. Your KYC documents like PAN & Aadhaar
4. E-mail addresses
5. Hashed passwords
6. Debit/Credit Card details
7. Your GPS location
8. Phone model details including IMEI
9. Other apps in your system.
10. Your selfie
