In one of the biggest data breaches, 3.5 million users of Mobikwik are at risk. Their data is on sale on a hacker forum on the dark web. Mobikwik is a mobile payment app that has a digital wallet facility as well. In a detailed post, Mobikwik denied such a data leak.
Has Mobikwik Users' Data Been Leaked?
Mobikwik is in trouble. Its users’ database is available for sale. Hackers are claiming that the data is available on the dark web. Recently, Mobikwik denied any such data leak. The company said that all data is secure and that no such leak has occurred.
A hacker forum has revealed that a total of 8.2 TB of Mobikwik users' data is present online on the dark web. The data includes important details like Aadhaar card, credit card, mobile number, etc.
It all started in early March, when an independent security specialist, Rajshekhar Rajaharia, talked about the Mobikwik data leak. He had also highlighted other companies’ data issues earlier. Mobikwik said that these claims are not true. The company clarified the issue with a detailed statement.
Rajaharia got support from fellow cybersecurity experts like Elliot Alderson from France and Troy Hunt from Australia. They endorsed Rajaharia’s findings.
Various users also found that their data is available online, as claimed by Rajaharia. These users searched the data in the Tor browser with the help of a link shared by Rajaharia. Many users confirmed these details on Twitter. They found that their details, such as credit card, debit card, phone number, and other sensitive information, are easily accessible via this link. Rajaharia shared that link with different media portals, including Indian Express.
The search function on that link has recently been blocked. Rajaharia said:
“They have also masked a lot of the data so that threat actors won’t be able to misuse this data and said they had to take down search functionality because bots were being used to scan for the data.”
What Does Mobikwik Say About the Data Breach?
Mobikwik has still not changed its official statement. The company said:
“It takes its data security very seriously, and is fully compliant with applicable data security laws.” It also said that “it has a long-running Bugs Bounty program, where ethical hackers report security issues which are immediately fixed.”
The company further suggested that the same users may have uploaded the same details to another website, and that the data may have leaked from that source.
The company further added:
“It is entirely possible that any user could have uploaded her/his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the dark web has been accessed from MobiKwik or any identified source.”
When the issue was first highlighted in early March, the company was quite upset with Rajaharia. In a series of tweets, the company said that it would take legal action against Rajaharia, calling him a ‘media crazed researcher’.
The company also said that it had conducted “a thorough investigation with the help of external security experts and did not find any evidence of a breach.”
Mobikwik said:
“It is closely working with requisite authorities. It is confident that security protocols to store sensitive data are robust and have not been breached. It will also get a third party to conduct a forensic data security audit, as a matter of precaution.”
To clear its users’ doubts, the company assured them that the data is encrypted and well secured, and that users should not worry at all.
Mobikwik said:
“No misuse of your wallet balance, credit card, or debit card is possible without the one-time-password (OTP) that only comes to your mobile number. We strongly recommend that you do not try to open any dark web/anonymous links as they could jeopardize your cyber safety.”