Skip to main content

MobiKwik Indian user data leak

MobiKwik Indian user data leak Reportedly MobiKwik exposed the KYC details and personal information of its close to 3.5 million users. All of this information is on sale for 1.5 Bitcoin, which is near equals to $85,000, according to reports. The company, however, has denied any such breach.

According to a security researcher, on the 29th of March, the well-known digital wallet and payment company Mobikwik had been leaked on the dark web. the data breach leaked sensitive information. Payment app MobiKwik on Monday came under news headlines for an alleged data leak that has exposed close to 8.2 terabytes(TB) of data. These include the user’s Know-Your-Customer (KYC) details, Aadhar card, phone number, address, and other personal information.

About 3.5 million users worry not only their credit and debit card details are available on the dark web. But their Mobikwik account number details, names, email addresses, passwords, GPS location, and mobile phone details like IMEI have also been hacked.

Security researchers have claimed that it is the largest KYC data leak in history.

Rajshekhar Rajaharia had said “11 Crore Indian Cardholder’s Cards Data Including personal details & KYC soft copy(PAN, Aadhar, etc) allegedly leaked from a company’s Server in India. 6 TB MySQL dump”.KYC Data and 350GB compressed

The leak was first spotted in February by security researcher Rajshekhar Rajaharia, which the company had denied at the time, and then by the French hacker and security researcher named Elliot Alderson.

Reportedly the data leak includes around 36,099,759 files size. It also includes 99,224,559 user phone numbers, hashed passwords, and the data is around to 8.2 TB. The hacker has reportedly set up a dark web portal where users can search for phone numbers and email ID to get the details. It also includes a total of 350 gigabytes of MySQL dumps that include 500 databases. It also consists of 99 million mail, phone passwords, Addresses and data surrounding installed apps, IP addresses, GPS locations, etc.

According to the national cybersecurity agency, cyber attacks have surged from 53,117 in 2017 to 208,456 in 2018, 394,499 in 2019, and 1158208 in 2020.

French hacker Robert Baptiste, also known as Elliot Alderson on Twitter, followed up on the topic of interest and gave his two cents. His tweet read, “Probably the largest KYC Data Leak in history. Congrats MobiKwik…” This tweet was attached with a screenshot of the leaked data.

The screenshot showed, adding that it contained KYC data of nearly 3.5 million people. It is reported to be up for sale on the Dark Web

In a statement MobiKwik rejects that such a data breach has occurred, MobiKwik spokesperson said “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.” MobiKwik has denied the data breach.

MobiKwik had last week raised $7.2 million in a funding round prior to the listing on the stock exchange. reportedly MobiKwik raised $7.2 million in a funding round after which it got listed on the stock exchange. According to Entrackr, Mobikwik’s post-money valuation currently stands at $493 million with the latest funding round.

Labels:

Popular posts from this blog

Signal Introduces Usernames for Encrypted Messaging: A Secure Way to Connect

Signal, the encrypted messaging service, is launching a new feature in the coming weeks: support for usernames. This beta feature allows users to establish unique usernames, enabling connections without divulging phone numbers. source: Signal Blog To create a username, navigate to your settings and select "Profile." Once you've chosen a unique username, generate a QR code or link to share with others. Recipients can connect by entering your username into the chat bar. Usernames can be changed at any time, though previous usernames may be claimed by others. Signal began testing usernames last fall. Unlike social media platforms, Signal usernames do not serve as logins or public handles. They offer a discreet means of communication without revealing personal phone numbers. While a phone number is required to register for Signal, sharing it is optional. Usernames remain private and do not appear on profiles or in chats unless shared explicitly. As Randall Sarafa, Signal'
Read more

AT&T Resets Millions of Customer Passcodes After Data Leak: What You Need to Know

AT&T recently confirmed a significant data breach affecting over 7.6 million current customers and 65 million former customers. The leaked information, which dates back to 2019 or earlier, includes personal details like names, addresses, phone numbers, and social security numbers. Fortunately, financial information and call history were not compromised. In response to the breach, AT&T has reset passcodes for affected customers. Passcodes, usually four-digit numbers, serve as an additional layer of security when accessing accounts. However, security experts warn that the encrypted passcodes leaked alongside customer information could be easily deciphered, posing a risk of unauthorized account access. Affected customers are advised to set up free fraud alerts with major credit bureaus and remain vigilant for any suspicious activity related to their accounts. AT&T is proactively reaching out to impacted customers via email or letter to inform them about the breach and the meas
Read more

Safeguarding Internet Privacy: Supreme Court of Canada Upholds Protection of IP Addresses

In a recent ruling, the Supreme Court of Canada affirmed the significance of privacy rights concerning internet addresses. The court declared that police cannot simply obtain a suspect’s IP address without a court order, emphasizing the expectation of privacy that Canadian residents hold for such information. The court's decision stemmed from a case in 2017 involving Calgary police investigating fraudulent online activities at a liquor store. Initially, police demanded IP addresses from a credit card processor, which eventually led to obtaining subscriber information from Telus. This information was pivotal in making arrests and securing convictions in multiple offenses. Despite previous convictions, the accused contested the legality of obtaining IP addresses without proper authorization. The Supreme Court, in a 5-4 decision, asserted that IP addresses carry a reasonable expectation of privacy, necessitating judicial approval before access. The ruling emphasizes that obtaining jud
Read more