Close to 8.2 terabytes (TB) of MobiKwik user data was leaked on the darknet. It contained sensitive user information including know-your-customer (KYC) details, Aadhaar card data, PAN card and addresses, to name a few. The company has denied the data breach, but security researcher Rajshekhar Rajaharia has enough information to turn the tables.
Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy (PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump. @RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k — Rajshekhar Rajaharia (@rajaharia) February 26, 2021
The news first came to light in February, when Rajaharia said on Twitter that a hacker was selling MobiKwik user data, which is usually shared in confidence during the KYC procedure, on the darknet. He also pointed out to DH that the personal data of several high-profile Indian tech company founders was found in the compressed data dump. Rajaharia is a renowned independent security researcher who has been credited with bringing various issues to light, including the bug that caused WhatsApp group invites to appear in Google searches last year and the Bharti Airtel data leak.
MobiKwik was quick to respond to the rumours. Its spokesperson told DH, "Some security researchers have repeatedly attempted to present concocted files wasting precious time of our organization. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure."
French hacker Robert Baptiste, also known as Elliot Alderson on Twitter, followed up on the topic and gave his two cents. His tweet read, "Probably the largest KYC Data Leak in history. Congrats MobiKwik..." The tweet included a screenshot of the leaked data. As of now, MobiKwik has yet to respond to this and is choosing to lie low.
Probably the largest KYC data leak in history. Congrats Mobikwik... pic.twitter.com/qQFgIKloA8 — Elliot Alderson (@fs0c131y) March 29, 2021
The MobiKwik data leak has since been a hot topic on Twitter, drawing polar opposite views from netizens. While some are in favour of the Indian online payment company, many are siding with Rajaharia and are demanding a convincing clarification from the company. Last week, MobiKwik reportedly raised $7.2 million in a funding round, after which it got listed on the stock exchange. As per Entrackr, its post-money valuation stands at $493 million at the moment.