Published on Mar 04, 2023
Complaint Against Mobikwik : A massive database appeared for sale on a popular hacker forum containing highly sensitive details of millions of Indians, users of MobiKwik.
This is a Gurugram-based company offering a mobile phone-based payment system and a digital wallet, enabling users to perform transactions right from the mobile app.
Independent researcher Rajshekhar Rajaharia has spotted the new database and informed us of the fact, so we have taken a look, and we can confirm that the data appears to be valid. The seller has set up a dark web portal where one can search by phone number or email ID and get the specific results out of a total of 8.2 TB of data.
But, MobiKwik vehemently denied any such breach. “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media,” the company said in a statement.
“We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” it added.
Alderson had tweeted: “Probably the largest KYC data leak in history.” Rajaharia had claimed earlier “11 crore Indian cardholder’s cards’ data including personal details and KYC soft copy (PAN, Aadhaar) allegedly leaked from the company’s server in India.” As per the researchers, the database is available for 1.5 Bitcoin (nearly $84,000) on the Dark Web.
The seller claims that each of the merchant entries in the database can be used to raise $500-$1,000 loans in Indian currency, so the investment of the 1.5 BTC could supposedly yield up to three billion USD. Allegedly, a partner has tried to raise a couple of loans as proof of concept, and it worked out as expected.
"Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure."
The number of data breaches in India has been rising over the last two years. In November, BigBasket had filed a complaint with the Cyber Crime Cell in Bengaluru to verify claims made by cybersecurity intelligence firm Cyble that a hacker had put up the online grocer’s user data for sale on the Dark Web for over $40,000. In May, Edutech startup Unacademy had also disclosed a data breach that compromised the accounts of 22 million users.
MobiKwik is India’s largest issuer-independent digital financial services platform, leveraging a sophisticated product and merchant acquisition capabilities. It is the undisputed No.2 player in the mobile wallet space in India and amongst the top 3 players in the payment gateway industry in the country. It has a network of over 3 million direct merchants, 140+ billers and 107 million-plus users. It records over 1 million transactions/ day.
Founded in 2009 by Bipin Preet Singh & Upasana Taku, MobiKwik is backed by marquee investors including Sequoia Capital, American Express, Tree Line Asia, MediaTek, GMO Payment Gateway, Cisco Investments, Net1 and Bajaj Finance.