The Indian payments giant MobiKwik is facing a lot of bad press for denying that it suffered a massive cyber attack!
On Monday, the company came under fire for an alleged data leak that exposed around 8.2 terabytes (TB) of its users’ sensitive data, including know-your-customer aka KYC details, addresses, mobile phone numbers, credit/debit card data, Aadhaar card data and more.
Around 3.5 million MobiKwik users are believed to be currently at risk. However, the company continues to deny that the attack took place at all.
The data leak was first reported the previous month by Rajshekhar Rajaharia, a security researcher. However, MobiKwik rejected the claim right away.
But then, yesterday, after a dark web link related to the attack began circulating in online forums, many of MobiKwik’s users confirmed that they had seen their personal details in it.
Several MobiKwik users also took screenshots of the hacked data (which was put up for sale for 1.5 BTC or $86,000) and posted them on social media platforms to let the company know that it has been knowingly hiding the truth.
In response to this outrage, a MobiKwik spokesperson replied that a few ‘media crazed’ and ‘so-called researchers’ have been presenting doctored files to waste the company’s time and resources, but that a thorough investigation had found no security lapses whatsoever. Thus, according to the spokesperson, the data of MobiKwik’s users is completely safe and secure.
Since February, the security researcher has been vehemently raising awareness about MobiKwik’s alleged data leak on Twitter by posting pictures of documents that reveal information such as PAN, Aadhaar and other personal details of users.
Besides Rajaharia, several others have also taken to Twitter to share how the personal information they previously submitted to MobiKwik is being circulated online and used.
The French hacker Robert Baptiste, who also goes by the pseudonym Elliot Alderson and is responsible for previously exposing flaws in PayTM, Aadhaar and OnePlus, said that the latest MobiKwik data leak is probably one of the largest KYC data leaks in Indian history!
Another security researcher, who wished to remain anonymous, said that there is very little users can do now to safeguard their information if the breach has occurred. Therefore, they must demand accountability from the company.
Lastly, Indrajeet Bhuyan, an independent security researcher, mentioned that there is currently a high probability that threat actors will use the exposed data to scam people with more confidence and authenticity, given that details such as Aadhaar card number, PAN number, etc. aren’t masked.
Anyone listed in the database is vulnerable to multiple types of financial fraud because scammers can reach out to the victims via their exposed phone numbers and email IDs with ease.
We will keep you updated on all future developments. Until then, stay tuned.