Cybersecurity researchers have alleged that a database containing KYC details of nearly 3.5 million users of MobiKwik is up for sale on the dark web.
Digital wallet and payments company MobiKwik, on Monday, denied claims that sensitive data of millions of its users has been leaked. Independent cybersecurity researchers have alleged that a database containing KYC (know your customer) details of nearly 3.5 million users of MobiKwik is up for sale on the dark web.

First tweeted by independent cybersecurity researcher Rajshekhar Rajaharia and then by French researcher Elliot Alderson on Monday, the alleged breach includes 8.2TB of data containing users' phone numbers, emails, hashed passwords, addresses, bank accounts and card details.

Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump. @RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k — Rajshekhar Rajaharia (@rajaharia) February 26, 2021

MobiKwik, however, vehemently denied any such breach. "Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media," the company said in a statement. "We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure," the company added.

MobiKwik said that the various sample text files that the researcher has been showcasing prove nothing, and anyone can create such text files to falsely harass any company. "Finally, our legal team will be pursuing strict action against this so-called researcher who is trying to malign our brand reputation for ulterior motives," the company said.

Alderson had tweeted: "Probably the largest KYC data leak in history." Rajaharia had claimed earlier that "11 crore Indian cardholder's cards' data including personal details and KYC soft copy (PAN, Aadhaar, etc) allegedly leaked from the company's server in India".
According to the researchers, the entire database is available for 1.5 Bitcoin (nearly $84,000) on the dark web.

Meanwhile, Hasgeek co-founder Kiran Jonnalagadda tweeted that the MobiKwik data leak is for real and showed a data dump to prove his point. “One of those credit cards was valid until a couple weeks ago, and I don't recall authorising MobiKwik to save it. Companies that lie ought to be taken to the cleaners,” he said.

The MobiKwik leak is real. Here is what the dump had for me. One of those credit cards was valid until a couple weeks ago, and I don't recall authorising MobiKwik to save it. Companies that lie like ought to be taken to the cleaners. https://t.co/sptyC1Jz8f pic.twitter.com/c4Uu25OviP — Kiran Jonnalagadda (@jackerhack) March 29, 2021

Ashwin Mahesh, the founder of Mapunity and co-founder of India Together, tweeted that with the company denying reports of the data breach, it’s not clear what the public is supposed to do. He also pointed to utilities around the country that use MobiKwik for online payments but are keeping quiet.

Amidst reports of a large data breach at Mobikwik, the company is denying any leaks. It's not clear what the public is supposed to do. There are also utilities around the country which have signed up with Mobikwik for online payments, who are keeping very quiet :-) — Ashwin Mahesh (@ashwinmahesh) March 30, 2021

Several users have also tweeted about the alleged MobiKwik data leak.

CHANGE YOUR PASSWORD NOW ⚠️ Even My Data was there in MobiKwik Biggest Ever Leak... #StaySafeOnline #Technical0812 #DataSecurity #databreach #dataleak #kyc #hacked #MobiKwik #mobikwikdatabreach #mobikwikdataleak pic.twitter.com/TNJ6H9zIEV — Shobhit Sharma (@ScriptKKiddie) March 30, 2021

I found my personal info, card details & address listed on a website which has leaked database of #mobikwik users. @MobiKwik Pls take immediate action against this. #mobikwikdataleak @GoI_MeitY @rsprasad @Cyberdost @narendramodi @PMOIndia — Parth Deshpande (@IAmParthD) March 29, 2021

My data on @MobiKwik has been breached and posted online. It includes my email, passwords, Bank Account details, Card details, phone number, Account Creation date, etc. #mobikwik #MobikwikDataLeak #DataLeak pic.twitter.com/49I4azGQ2u — Prateek Pardeshi (@par_prateek) March 29, 2021

I found my data in this leak including details like my Credit card number and password hash. Please check if your data has leaked and change password proactively! This is the biggest data leak ever as per security researchers. @MobiKwikSWAT Please look into it. #MobikwikDataLeak https://t.co/eWV5BZvyzg — Abhishek Anand (@techieanand) March 30, 2021

@MobiKwik how can you directly deny that there is no data leak??? I have checked with 3 different accounts including mine, they have email, mobile number, card number. You will have to give the answers. #mobikwik #MobikwikDataLeak — Vella Engineer (@engineer_vella) March 29, 2021

My data on @MobiKwik has been breached and posted online. It includes my email, passwords, Bank Account details, Card details, phone number, Account Creation date, etc. #mobikwik #MobikwikDataLeak #DataLeak #databreach pic.twitter.com/K34ETN2plV — Pawan kushwaha (@Pawanku56606502) March 29, 2021

The reports surfaced as MobiKwik last week raised $7.2 million in a funding round prior to its listing on the stock exchange, according to regulatory filings with the Ministry of Corporate Affairs. The company is reportedly planning an initial public offering (IPO) around September this year to raise $200-250 million. According to Entrackr, MobiKwik's post-money valuation currently stands at $493 million with the latest funding round.

Steps to check if your MobiKwik data has been leaked or not
> First, you need to download the TOR browser.
> Copy and paste the following link in the browser: https://ift.tt/3ryqZDB
> Now, enter your mobile number and click on Search.
How to protect yourself if your data has been leaked
> To change your account password, you can go to https://ift.tt/3cBMrU9 and click Change Password.
> If you wish to withdraw any remaining balance in your wallet or transfer to your bank account, go to https://ift.tt/3dhALoH
> To deregister your UPI account from the website or mobile application, you can go to https://ift.tt/3waL9Ho
> If you wish to remove any debit or credit cards linked to your account, go to https://ift.tt/3u2zf0n and click Remove.

With IANS inputs
