India-made payment app MobiKwik – which claims to have over 120 million users – has reportedly been breached unethically, resulting in the leak of 8.2 Terabytes (TB): the data of over 3.5 million users.
Personal details of MobiKwik users including their addresses, Aadhaar number and phone numbers, along with other information, have been put up on the dark web for sale for the price of 1.5 Bitcoin or about $86,000, Business Standard reported on Tuesday.
While MobiKwik has denied all such claims, netizens have been sharing screenshots of their details exposed on the web, expressing serious concerns. On Twitter in India, #MobiKwikDataLeak is trending.
Security researcher Rajshekhar Rajaharia had reported the leak back in February, but MobiKwik denied his claims. However, on 29 March, a link from the dark web began circulating online, and several users confirmed seeing their personal details in it.
French hacker Robert Baptiste, who goes by the pseudonym Elliot Alderson on Twitter, also “congratulated” MobiKwik for what he called “probably the largest ‘Know Your Customer’ (KYC) data leak in history.
As of now, details about a further investigation into the data breach remain blurry, as MobiKwik stays firm on denying the data breach claims.
“Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” Business Standard quoted a MobiKwik spokesperson as saying.
The mass migration of Indians to online payments apps began back in 2016, when Prime Minister Narendra Modi demonetised big currency notes in India as an action against corruption. At the time, ATM machines as well as banks in India ran dry of cash – pushing people to facilitate financial transactions through phone apps.