If you have ever saved or used a card on MobiKwik, this news is for you! Independent cybersecurity researchers have alleged that a database containing KYC details of nearly 11 crore Indian users of MobiKwik is leaked on the Dark Web.
It was first tweeted by independent cybersecurity researcher Rajshekhar Rajaharia and then by French researcher Elliot Alderson on Monday. Alderson tweeted “Probably the largest KYC data leak in history” along with a screenshot of the blacked-out leaked data list on the darknet. “Personal data of several high-profile Indian tech company founders were found in the compressed data dump,” Rajaharia said!
Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k
— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
It is assumed that the alleged breach includes 8.2TB of data containing phone numbers, emails, hashed passwords, addresses, bank accounts, and card details of MobiKwik users. It also consists of 99 million mail, phone passwords, addresses, and data of other installed apps, IP addresses, and GPS locations.
According to the researchers, the entire breached database is available for 1.5 Bitcoin on the Dark Web. The seller has set up a dark web portal where anyone can search by phone number or email ID and get the results from the 8.2 TB of breached data. It is done to authenticate the data. Also, the seller has promised to delete the data once the payment is made. Back in 2017, we have covered the same story Major Security Flaws on Popular Mobile Wallets (Digital Wallets Scam)
However, MobiKwik has denied any such breach. “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” the company said!
https://t.co/D0zx8Y548Q Data Leak – 2021
Mobikwik has suffered a data breach which has exposed 99Million Indian Users details of total 8TB data which includes:
• Aadhar Card
• Pan Card
• Debit/Credit Card
• Other KYC document
Kindly change your passwords pic.twitter.com/5X1FeZSpYh
— XploitWizer (@XploitWizer) March 28, 2021
Thus, if you have ever used or saved a card on MobiKwik, then you should immediately turn off international transactions while reducing the limit for the domestic transactions. If possible, you must block that particular card.
IT IS ADVISED TO ALL MOBIKWIK USERS TO KEEP A CLOSE WATCH ON THEIR DEBIT CARDS TRANSACTION THAT was LINKED WITH THEIR MOBIKWIK ACCOUNT
Nearly 9 crore users below information are leaked ?
1. Mobikwik Account Phone Numbers
2. Your full name
3. Your KYC documents like PAN & Aadhaar
4. E-mail addresses
5. Hashed passwords
6. Debit/Credit Card details
7. Your GPS location
8. Phone model details including IMEI
9. Other apps in your system.
10. Your selfie