- Independent researchers allege that KYC details of nearly 11 crore Indian MobiKwik s have been leaked on the Dark Web, including high-profile tech company founders' data.
- The alleged breach contains 8.2TB of data, including phone numbers, emails, s, addresses, bank s, and card details of s, available for 1.5 Bitcoin on the Dark Web.
- MobiKwik denies the breach, but s are advised to switch off international transactions, lower domestic transaction limits, and possibly block affected cards to protect their data.
If you have ever saved or used a card on MobiKwik, this news is for you! Independent cybersecurity researchers have alleged that a database containing KYC details of nearly 11 crore Indian s of MobiKwik is leaked on the Dark Web.
It was first tweeted by independent cybersecurity researcher Rajshekhar Rajaharia and then by French researcher Elliot Alderson on Monday. Alderson tweeted “Probably the largest KYC data leak in history” along with a screenshot of the blacked-out leaked data list on the darknet. “Personal data of several high-profile Indian tech company founders were found in the compressed data dump,” Rajaharia said!
Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k
— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
It is assumed that the alleged breach includes 8.2TB of data containing phone numbers, emails, hashed s, addresses, bank s, and card details of MobiKwik s. It also consists of 99 million mail, phone s, addresses, and data of other installed apps, IP addresses, and GPS locations.
According to the researchers, the entire breached database is available for 1.5 Bitcoin on the Dark Web. The seller has set up a dark web portal where anyone can search by phone number or email ID and get the results from the 8.2 TB of breached data. It is done to authenticate the data. Also, the seller has promised to delete the data once the payment is made. Back in 2017, we have covered the same story Major Security Flaws on Popular Mobile Wallets (Digital Wallets Scam)
However, MobiKwik has denied any such breach. “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as of the media. We thoroughly investigated and did not find any security lapses. Our and company data is completely safe and secure,” the company said!
https://t.co/D0zx8Y548Q Data Leak – 2021
Mobikwik has suffered a data breach which has exposed 99Million Indian s details of total 8TB data which includes:
• Phone
• Aadhar Card
• Pan Card
• Debit/Credit Card
• Other KYC document
Kindly change your s pic.twitter.com/5X1FeZSpYh— XploitWizer (@XploitWizer) March 28, 2021
Thus, if you have ever used or saved a card on MobiKwik, then you should immediately turn off international transactions while reducing the limit for the domestic transactions. If possible, you must block that particular card.
IT IS ADVISED TO ALL MOBIKWIK S TO KEEP A CLOSE WATCH ON THEIR DEBIT CARDS TRANSACTION THAT was LINKED WITH THEIR MOBIKWIK
Nearly 9 crore s below information are leaked ?
1. Mobikwik Phone Numbers
2. Your full name
3. Your KYC documents like PAN & Aadhaar
4. E-mail addresses
5. Hashed s
6. Debit/Credit Card details
7. Your GPS location
8. Phone model details including IMEI
9. Other apps in your system.
10. Your selfie
