Users of MobiKwik are enraged and confuse after hearing the recent news about the organisation's data getting allegedly breached. However, the organisation has currently denied all such allegations even though many cybersecurity researchers reported about the incident on several social platforms. As per the researchers, this users data is completely available for access by hackers through a dedicated search engine. If you have been using this payment app for a long time, and you have been wondering about the MobiKwik data leak, then here is all you need to know.
The Gurugram-based payments portal has completely denied all the allegations about a data breach. However, cybersecurity experts have shown numerous evidence over 8.2TB in size of data getting leaked on the Dark Web. The group of hackers who have been allegedly accessing this data for quite a while now has made it accessible through a search engine that suggests some of the leaked data elements. The MobiKwik data breach includes details such as names, phone numbers, email IDs, card details and more. A Twitter user called Rajshekhar Rajaharia mentioned the number of affected users by writing, "11 crore Indian cardholder's cards data including personal details & KYC soft copy has been leaked".
Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
We all are using Credit Debit cards online on daily basis. Companies should take responsablity of users data strongly. there should be a data leak disclosure policy too. pic.twitter.com/Jt3KkFs0zZ— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
However, it seems that the authorities of MobiKwik have been investigated the matter and in a recent Tweet, the organisation said that - "a media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses." The organisation also said that it is going to take legal action against the security researcher.
Later, a well-known French security researcher, Robert Baptiste is also known as Elliot Alderson backed Rajshekhar Rajaharia's claims. He also provided the details about the search engine that was purportedly created by the group of hackers on the Dark Web.
The MobiKwik leak is real. Here is what the dump had for me. One of those credit cards was valid until a couple weeks ago, and I don't recall authorising MobiKwik to save it. Companies that lie like 👇 ought to be taken to the cleaners. https://t.co/sptyC1Jz8f pic.twitter.com/c4Uu25OviP— Kiran Jonnalagadda (@jackerhack) March 29, 2021