Mobikwik data leak: Personal data of 3.5 million users up for sale on dark web

According to reports, personal data of 3.5 million Mobikwik users in India up for sale on dark web. However, company denies claims.

Cybersecurity expert Rajshekhar Rajaharia has reported a massive data breach affecting Mobikwik’s digital payment platform. The breach, which has made the personal data of millions of Mobikwik users available on the dark web, was first brought to light by the TechNaidu technology news website.

The leaked data includes sensitive information such as mobile phone numbers, bank account details, and email addresses. Furthermore, it is claimed that over 9.9 crore Mobikwik customers’ data has been hacked and is being sold for 1.5 bitcoin.

MobiKwik Data Leak: Security Failure

Despite the severity of the situation, Mobikwik has consistently denied any security failures, asserting that their user and company data remain secure. The company has declared that it is a regulated entity that prioritizes security and is actively collaborating with the relevant authorities. Moreover, Mobikwik has announced plans to engage a third-party service to conduct a forensic data security audit.

This data leak is one of the most significant in recent times, with the potential to expose KYC (Know Your Customer) documents, Aadhaar cards, credit card details, and other personal information. The breach was initially detected by Rajaharia and subsequently confirmed by other independent researchers, including the French security researcher known as Elliot Alderson. The incident underscores the growing need for stringent cybersecurity measures in the fintech sector.

Mobikwik Data breach: Screenshot of leaked Mobikwik Data
Mobikwik Data breach: Screenshot of leaked Mobikwik Data

The cybersecurity landscape was shaken by revelations from French ethical hacker Robert Baptiste, known on Twitter as Elliot Alderson. He also confirmed the massive KYC data breach of Mobikwik users, echoing the concerns raised by independent researchers. Baptiste’s tweet reveals the gravity of the situation, suggesting it might be the largest KYC data leak ever.

His involvement brought significant attention to the data privacy risks associated with digital payment platforms. Baptiste’s expertise and his large following on social media platforms underscore the critical nature of safeguarding user data in the fintech industry.

Mobikwik Data leak: Whole Story

Recent reports have disclosed a massive data leak involving approximately 36 million files, totaling a staggering 8.2 terabytes of data. This extensive collection of files, which could contain sensitive personal information, appears for sale on the dark web. The asking price for this trove of data is set at 1.5 bitcoins. Based on current exchange rates, this equates to approximately USD 77,171. Meanwhile, this incident highlights the ever-present risks of data security breaches and the high value of personal data in the cybercrime ecosystem.

The Mobikwik data breach report has shed light on the extensive nature of the incident. Thus, indicating that the compromised data may encompass a wide array of personal user information. The specifics of the leaked data are likely to include email addresses, mobile numbers, banking information, and credit/debit card details.

In a related development, Google has initiated a migration process. The search giant is urging Google Play Music users to transfer their libraries and data to the YouTube Music App. Thus, marking a significant shift in the digital music landscape. Also Read – Flipkart Big Billion Days Sale date announced; big discounts on mobiles, electronic devices

Detailed List of Data available for sale

At the check out, a list of documents is available on dark web for sale. These documents includes Mobikwik data such as

  • 350GB of MySQL dumps, which is approximately equivalent to 500 databases
  • A total of about 99 million email address, phone/mobile numbers, passwords were on radar. Additionally, residential/official addresses, app data, phone OEM Details, IP Addresses etc also included.
  • It also contains about 7.5TB of 3 million KYC data. This data includes KYC Document details like Aadhar Card details, PAN Card details, passport details, Profile Pictures and more.

Mobikwik denies data breach claims

In the wake of the reported data leaks, Mobikwik has firmly denied such allegations. The company’s official statement suggests that certain researchers are attempting to mislead the public and media with fabricated documents. Mobikwik underlines that after a rigorous internal review, no proof of data intrusion was discovered. The company reassures that both user and corporate data remain intact and secure, highlighting their commitment to data protection. Mobikwik’s proactive stance includes stringent security measures and compliance with data security laws, ensuring robust protection of customer information.

Written by Pulkit Sharma

I love working on WordPress, Web Designer from past 7+ years working mainly on mobile & web apps. Always keen to be part of interesting projects.

Xiaomi Mi Band 6, Mi AX9000 Gaming Wi-Fi router launched

Poco X3 Pro launches in India with Qualcomm Snapdragon 860 SoC