In the biggest dark leak in the Indian context, data details of around 10 crore users of Mobikwik has come up on sale by a hacker on the darknet. The independent security researcher, Rajshekhar Rajaharia has revealed this information. Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k A note to our users. pic.twitter.com/J3WRM0Ko8v
Before naysayers may consider the news to be fake or an exaggeration, it should also be noticed that the renowned French cybersecurity expert Elliot Anderson aka Robert Baptiste has indicated that the information shared by the independent researcher is correct and true.
image credit - https://thehackernews.com/2021/03/mobikwik-suffers-major-breach-kyc-data.html
But as things would have expectedly turn out, Mobikwik has denied that it has any role in the data leak. The company has been vehemently denying the data breach issues. Mobikwik claims that the researchers have concocted the story and have presented fake pieces of evidence.
A Mobikwik representative went on record stating that "We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure," The company as squarely blamed the researchers stating that "Some security researchers have repeatedly attempted to present concocted files wasting precious time of our organization".
Here is what the independent researcher Rajaharia had to share information on and Elliot Anderson has indicated that they are in agreement with the claims made by the researcher.
Mobikwik was quick enough with an update and came up with this Tweet from Bipin Preet Singh, MobiKwik CEO,
The independent security researcher Rajshekhar Rajaharia has claimed that the data set is around 8.2 TB in size and consists of details of KYC documents, Aadhaar cards, credit card details, mobile phone numbers linked to MobiKwik wallet and many more other details.
While Mobikwik has still been denying the reports of a data breach, Rajaharia is also supported by Australian web security researcher Troy Hunt. Yet another Independent researcher Avinash Jain has also verified that the data leak has happened. He has categorically stated that
"The personal data of users can be accessed in plain text and are stored insecurely on their servers,...It seems the attacker got hold of their cloud infrastructure and was able to access data stores where this information was stored."
There has been no update on the exact status of the issues from Mobikwik as of now. It may be practical here to note that the Reserve Bank of India has been keeping a close vigil on these data breaches and may perhaps take actions if this continues.
Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
A note to our users. pic.twitter.com/J3WRM0Ko8v— Bipin Preet Singh (@BipinSingh) March 30, 2021