MobiKwik's user data has allegedly been compromised, and hackers are said to be able to access it through a dedicated search engine. The Gurgaon-based digital wallet company denied the data leak. However, independent security researchers claim that more than 8.2TB of data has been on sale on the dark web for a long time. Gadget 360 was initially notified of a suspected data breach in February. Allegedly, hacker groups have had access to the data for several months, and it is now accessible through a search engine that surfaces some leaked data elements, including the names, phone numbers and emails of millions of affected users.
MobiKwik denies any claims of sensitive data leakage, saying that it has not found any evidence of data breaches.
“As a regulated entity, the company attaches great importance to its data security and fully complies with applicable data security laws,” a MobiKwik spokesperson said in an email statement. The spokesperson said the company is subject to strict standards and compliance measures under its PCI-DSS and ISO certifications, including annual security audits and quarterly penetration tests, to ensure the security of its platform.
The spokesperson added that considering the seriousness of the allegations, the company is closely “cooperating with necessary authorities” and will entrust a third party to conduct forensic data security audits.
The spokesperson said: “For its users, the company reiterated that all MobiKwik accounts and balances are completely safe.”
Cybersecurity researcher Rajshekhar Rajaharia first notified Advertisement Shout of the data breach on February 25. He said at the time that the credit and debit card details, names, email addresses and other details of more than 100 million users had been leaked on the dark web. He also pointed out that, in addition to the details in text form, Know Your Customer (KYC) information was being sold, including scanned documents such as permanent account number (PAN) and Aadhaar cards and bank statements of more than 50 million users, offered by a hacker group with the pseudonym “ninja_storm”.
The researcher shared some sample files, including table structures, with references to Zaakpay, MobiKwik’s payment gateway.
Soon after receiving the detailed information from the researcher, Advertisement Shout contacted Bipin Preet Singh and Upasana Taku, the co-founders of MobiKwik. However, the executives did not provide any clear information about the breach at the time. An email sent to CERT-In also did not receive any response.
On March 4, MobiKwik publicly denied its role in the data breach and called the researcher “media craziness” without explicitly naming Rajashekar. The company also claimed that relevant researchers put forward “secret documents” to “attract media attention.”
However, on Monday, French security researcher Robert Baptiste, known as Elliot Alderson on Twitter, released details about the alleged data breach. He also provided detailed information about search engines allegedly created by hacker groups on the dark web, and provided some user details.
Several users on social media posted that they were able to find their details in the search engine.
The MobiKwik leak is real. This is what dumped me. One of these credit cards was only valid two weeks ago, and I don’t remember authorizing MobiKwik to save it. The lying company should bring it to the cleaner. https://t.co/sptyC1Jz8f pic.twitter.com/c4Uu25OviP
-Kiran Jonnalagadda (@jackerhack) March 29, 2021
Some of my data is there. In fact, even in 2013, the exact date I created my mobikwik account already exists.
Thankfully, this is an expired old card mentioned, because I only used mobikwik once.
Some (if not all) user data leaked from Bipin. https://t.co/6V2KZrY4ra
-Nick Hill Pawar (@nixxin) March 30, 2021
However, Widget 360 cannot independently verify whether the available detailed information is related to the so-called MobiKwik data breach.