Personal details of 3.5 million MobiKwik users seem to have been leaked, according to independent cyber-security researchers. The Gurugram-based fintech company continued to deny its role in the leak, calling the researchers that made the breach public “media-crazed” alleging them of presenting “concocted files” as evidence.
While the details and the nature of the alleged breach was flagged by security researchers Technadu and Rajshekhar Rajaharia over a month ago, several other independent researchers including French security researcher Robert Baptiste aka ‘Elliot Alderson’ have since also confirmed the hack.
“Probably, the largest KYC data leak in history. Congrats MobiKwik,” Alderson tweeted with a screenshot of the data leak. “This database is 8.2TB and contains 36,099,759 files,” the screenshot showed, adding that it contained KYC data of nearly 3.5 million people. It is reported to be up for sale on the Dark Web.
Over 8TB worth of personal user information like email id, phone number, name, address, passwords, GPS locations and even data related to users mobile devices were compromised from the main server of Mobikwik by a hacker named ‘Jordan Daven’ on dark web forums on January 20th, this year, according to Rajaharia.
The company had denied Rajshekhar’s claims back in February but on Monday, a link from the dark web was reportedly spotted online. Users had claimed seeing their personal details on the dark web.
The number of data breaches in India has been rising over the last two years. In November, BigBasket had filed a complaint with the Cyber Crime Cell in Bengaluru to verify claims made by cybersecurity intelligence firm Cyble that a hacker had put up the online grocer’s user data for sale on the Dark Web for over $40,000. In May, Edutech startup Unacademy had also disclosed a data breach that compromised the accounts of 22 million users.