MobiKwik data breach: personal data of over 10 crore users reportedly on sale on dark web

Highlights

• Hackers have managed to access the information of over 10 crore MobiKwik users. 
• Personal data such as names, email addresses, PAN/Aadhar card numbers, credit/debit card info, and more are up for sale online. 
• MobiKwik denies any data breach has taken place

Popular mobile payments platform MobiKwik has reportedly suffered a major data breach, exposing the private information of over 10 crore users. Critical information such as names, email addresses, KYC details, credit/debit card numbers, and more appear to have been stolen. The database is an eye-watering 8.2TB in size and is up for sale on the dark web for 11.5 Bitcoin (approx Rs 63,640,00). Interestingly enough, it’s been quite some time since this information has been out and about on the internet, as per security researcher Rajshekhar Rajaharia on Twitter. The MobiKwik data breach has also been confirmed by French security researcher Elliot Alderson, who has an impressive track record in exposing security vulnerabilities. 

Probably the largest KYC data leak in history. Congrats Mobikwik… pic.twitter.com/qQFgIKloA8

— Elliot Alderson (@fs0c131y) March 29, 2021

Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k

— Rajshekhar Rajaharia (@rajaharia) February 26, 2021

To make matters worse, MobiKwik vehemently denies that its infrastructure has been compromised. It had the following to say in a statement, “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.” It has been largely silent about the matter after issuing the statement. 

A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention.We thoroughly investigated his allegations and did not find any security lapses. 1/n

— MobiKwik (@MobiKwik) March 4, 2021

This isn’t the first time MobiKwik has witnessed a breach. The company had another infosec-related incident all the way back in 2010 and seems to have learned nothing from it. It still refuses to acknowledge that its servers have been breached, despite overwhelming evidence suggesting otherwise. Whether or not it has found out the vulnerability and fixed it remains unknown. There is no recourse for affected users, given that the entirety of their personal information has been leaked online.

The post MobiKwik data breach: personal data of over 10 crore users reportedly on sale on dark web first appeared on 91mobiles.com.

https://ift.tt/2PKotNa
https://ift.tt/3ucBv5n