Labelled as one of the worst cases of data breaches, Mobikwik refuses to claim the charges of the leaked data of its 9.9 crore users.
Cybersecurity expert Rajashekhar Rajaharia revealed the data breach in a letter to the Reserve Bank of India. He also shared it with the Indian computer emergency response committee and payment processing companies, among others.
Jordandaven, a hacker organization, emailed PTI the database link. In which they stated their intentions of only using the data to extort money from the company and erasing it from their end.
Mobikwik has dismissed these charges, arguing that it is a controlled organization that takes protection very seriously. According to the website, it is working closely with the relevant authorities on this matter. While acknowledging the severity, they intend on engaging a third party to perform a forensic computer protection examination.
Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku\’s data are shared from Jordandaven\’s servers. According to a company spokesperson, the company takes data security very seriously as a regulated entity. Therefore ultimately, it is fully compliant with all applicable data security laws.
The database belongs to Mobikwik, according to the hackers, who posted several pictures of the Mobikwik QR code as well as documents used for \’Know Your Customer\’ enforcement, mostly the Aadhaar and Pan passport.
Mobikwiks response to the leak:
Mobikwik stated that it is working closely with the appropriate authorities on this matter. Although, due to the severity of the accusations, a third party will conduct a forensic data protection investigation. According to Rajaharia, government officials could probe the data breach promptly because it has far-reaching implications that could lead to a slew of financial frauds.
The severity of this data breach is consequential due to the sensitive user information involved. This includes details such as cell phone numbers, bank account records, email addresses, and even credit card numbers of 9.9 million Mobikwik users. Moreover, French security researcher Eliot Alderson also shared the \’Mobiwik leak\’ screenshots on Twitter. It was the \”worst KYC data breach in history,\” he said.
Despite Mobikwik\’s denial, there are many grounds to suspect that a violation occurred. Jordandaven, a group of hackers, first emailed PTI the database\’s connection. They used the database to share the information of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku.
The unreliability of online data storage:
The hackers have confirmed that they only want money from the organization and will not use it for anything else. However, according to another study, a separate dark web site has been developed that can be used to browse data by phone number or email ID and obtain detailed results from a total of 8.2 TB of data. The sheer amount of data that has been submitted to the portal is disturbing.
