- Mobikwik data is set to be breached by group of hackers.
- Hackers believed to have access to important information.
- Platform denies claims, says data is safe.
In what is believed to be one of the worst cases of data leaks, important information of 9.9 crore Mobikwik users has been leaked online, which the digital payments company has denied. The disclosure about the data leak was made by cybersecurity analyst Rajashekhar Rajaharia who has also written to the Reserve Bank of India, Indian computer emergency response team, PCI Standards, and payment technology firms, etc.
Mobikwik has denied these claims saying that it is a regulated entity and takes security very seriously. The platform claimed that it is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit.
What went wrong?
The recent data leak is of serious nature as it is said to have exposed important user information including mobile phone number, bank account details, email, and even credit card numbers of 9.9 crore Mobikwik users. The screenshots of the Mobiwik breach were posted on Twitter by French security researcher who goes by the name Elliot Alderson. He called it the "largest KYC data leak in the history".
Even though Mobikwik has denied this leak, there are number of reasons to believe that a breach was made. First, a group of hackers by the name of Jordandaven emailed the link of the database to PTI. They shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.
The hackers have maintained that they only want to get money from the company and do not plan to use it otherwise.
However, several users have posted screenshots of Mobiwik users' data put up for sale on dark web. In some cases, this data was being sold for 1.5 bitcoin or about $86,000. Again, the platform has denied the claims.
There is another report claiming that a separate dark web portal has been created which can be used to search data by phone number or email ID and get the specific results out of a total of 8.2 TB of data. Just the sheer size of data uploaded on the portal is alarming.
Mobikwik denies claims
The payments solution platform has shrugged away the claims of this data leak and has put the blame on users. In a response put out on Tuesday, the platform claimed that all accounts and user information with it were completely safe.
"Some users have reported that their data is visible on the dark web. While we are investigating this, it is entirely possible that any user could have uploaded her/his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source," the statement read.
This isn't the first time when the company has denied these claims. The matter was first brought to light last month by the same security researcher. Back then, Mobikwik had denied these claims and announced that it will take action against the researcher. It hasn't revealed if a complaint has been filed since.
"We thoroughly investigated his allegations and did not find any security lapses. Our user and company data is completely safe and secure. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company. Finally, our legal team will be pursuing strict action against this so-called researcher who is trying to malign our brand reputation for ulterior motives," MobiKwik had said on Twitter.
What should you do?
The ongoing tussle between the platform and the researcher leaves Mobikwik users with lot of uncertainty and confusion. Even though the matter will be investigated over the next few days, the users are advised to update their Mobikwik account with new passwords. They should also update passwords to email addresses, setup two-factor authentication (2FA) including OTPs and fixed passcodes, wherever possible.
If you want check if your data is part of the leak, download Tor browser. It a free and open-source web browser that helps you anonymously browse the web. Open this link to access Mobikwik data put online. Search using your name or number to see if it is listed. If nothing shows up, you are safe. If information pops up, then immediately contact your bank and block your cards.
Update The hacker group which set up the website to showcase the stolen data from Mobikwik's servers has pulled it down from the website, claiming that all of it has been deleted from their servers and the users are now safe.