India-made payment app MobiKwik – which claims to have over 120 million users – has reportedly been breached unethically, resulting in the leak of 8.2 Terabytes (TB): the data of over 3.5 million users.
Personal details of MobiKwik users including their addresses, Aadhaar number and phone numbers, along with other information, have been put up on the dark web for sale for the price of 1.5 Bitcoin or about $86,000, Business Standard reported on Tuesday.
While MobiKwik has denied all such claims, netizens have been sharing screenshots of their details exposed on the web, expressing serious concerns. On Twitter in India, #MobiKwikDataLeak is trending.
My data on @MobiKwik has been breached and posted online.— Prateek Pardeshi (@par_prateek) March 29, 2021
It includes my email, passwords, Bank Account details, Card details, phone number, Account Creation date, etc.#mobikwik #MobikwikDataLeak #DataLeak pic.twitter.com/49I4azGQ2u
Apparently, certain companies are claiming that #MobikwikDataLeak is a data leak, but you can't prove that the leak is from MobiKwik. Here's a smoking gun. Look at the signup date from the API. Notice how it matches the date I got a welcome email from MobiKwik? pic.twitter.com/s3luBfzxE1— Tejas Dinkar (@tdinkar) March 30, 2021
Security researcher Rajshekhar Rajaharia had reported the leak back in February, but MobiKwik denied his claims. However, on 29 March, a link from the dark web began circulating online, and several users confirmed seeing their personal details in it.
French hacker Robert Baptiste, who goes by the pseudonym Elliot Alderson on Twitter, also “congratulated” MobiKwik for what he called “probably the largest ‘Know Your Customer’ (KYC) data leak in history.
Probably the largest KYC data leak in history. Congrats Mobikwik... pic.twitter.com/qQFgIKloA8— Elliot Alderson (@fs0c131y) March 29, 2021
As of now, details about a further investigation into the data breach remain blurry, as MobiKwik stays firm on denying the data breach claims.
“Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” Business Standard quoted a MobiKwik spokesperson as saying.
The mass migration of Indians to online payments apps began back in 2016, when Prime Minister Narendra Modi demonetised big currency notes in India as an action against corruption. At the time, ATM machines as well as banks in India ran dry of cash – pushing people to facilitate financial transactions through phone apps.