According to independent security researcher Rajshekhar Rajaharia, data of over 10 crore, Mobikwik users is for sale on a darknet hacker forum. Elliot Anderson, also known as Robert Baptiste, supported Rajaharia's claim on the alleged server breach in the digital wallet company on Monday and called it the biggest leak of KYC information to date, and the leading French cybersecurity specialist.
According to news, the huge data breach contains 36,099,759 files. Aside from that, the 8.2 TB of data contains 99,224,559 user phone numbers, email addresses, hashed passwords, addresses, bank accounts, and credit card details.
"Some security researchers have repeatedly attempted to present concocted files, wasting valuable time for our organisation," Mobikwik said in a statement. We conducted a systematic investigation and discovered no security flaws. Our client is safe and secure," a Mobikwik spokesperson told a media house.
Probably the largest KYC data leak in history. Congrats Mobikwik... pic.twitter.com/qQFgIKloA8— Elliot Alderson (@fs0c131y) March 29, 2021
On February 26, Internet security researcher Rajshekhar Rajaharia tweeted: "Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy (PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed MySQL dump." That tweet, however, did not name any company.
Cyber attacks increased from 53,117 in 2017 to 208,456 in 2018, 394,499 in 2019, and 11,58,208 in 2020, according to the national cybersecurity agency.
This leak was known for a long time... https://t.co/gS65YmYGyx— Elliot Alderson (@fs0c131y) March 29, 2021
Bipin Preet Singh and Upasana Taku formed Mobikwik in 2009. It began as a digital wallet but has since developed into a horizontal fintech network that provides a range of financial services to its users, such as credit, insurance, and gold loans. Mobikwik has received approximately Rs 223 Cr ($29.56 Mn) in funding to date from investors such as Sequoia Finance, American Express, Bajaj Finserv, and others.