Hackers allegedly leak data of 9.9 crore Mobikwik users in India, company rejects claim
Hackers uploaded several pictures of Mobikwik QR code along with documents used for KYC compliance.
Hackers have leaked data such as mobile phone numbers, bank account details, email addresses and credit card numbers of 9.9 crore Indians, allegedly Mobikwik users, a claim the digital payments company has strongly denied. The data leak was disclosed by cybersecurity analyst Rajashekhar Rajaharia, who has also written to the Reserve Bank of India, the Indian Computer Emergency Response Team, PCI Standards, payment technology firms and others.
A hacker group by the name of Jordandaven emailed a link to the database to PTI and said that they have no intention of using the data except to get money from the company, after which they would delete it from their end.
Jordandaven shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.
When contacted, Mobikwik denied the claim.
The company's spokesperson said that as a regulated entity, it takes data security very seriously and is fully compliant with applicable data security laws.
"The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure the security of its platform. As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach," the Mobikwik spokesperson said.
The hackers maintained that the database is Mobikwik's and uploaded several pictures of Mobikwik QR codes along with documents used for 'Know Your Customer' compliance, mainly Aadhaar and PAN cards.
A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses. 1/n
— MobiKwik (@MobiKwik) March 4, 2021
Mobikwik said that it is working closely with the requisite authorities on this matter and, considering the seriousness of the allegations, will get a third party to conduct a forensic data security audit.
"For its users, the company reiterates that all MobiKwik accounts and balances are completely safe," the company spokesperson said.
Rajaharia said that government authorities should thoroughly investigate the data leak immediately, as it has wider ramifications that can potentially lead to several financial frauds.
"Full 16 digit card numbers might be unmasked because their encryption algorithm is public now. This massive data breach might be a threat for other banks, and wallets because these days each and every data set is connected to each other," Rajaharia said.
He said that everyone should immediately change the passwords of their bank accounts, credit cards, etc., to keep their money safe.
Mobikwik claims that its systems are secure and that there is no basis to the allegations of data breach.
In the early stages of their build-up, the e-payment companies' only source of income has been commissions on phone and utility bill payments.