Popular Payment app Mobikwik is in the eye of the storm amid allegations that sensitive data of millions of its users has been leaked. Last month, independent security researcher Rajshekhar Rajaharia exposed the data leak on Twitter. He had claimed that the data of 3.5 million users were put up for sale on the dark web. He alleged the breach includes 8.2TB data containing users’ KYC details, addresses, phone numbers, Aadhar card dataphone numbers, emails, hashed passwords, addresses, bank accounts and card details.
The researcher named Mobikwik in a series of tweets, adding that hacker(s) had access to the company’s data since January 2021. On Monday, renowned French cybersecurity expert Elliot Anderson aka Robert Baptiste backed Rajaharia’s claim on the alleged server breach at the digital wallet company and called it the biggest KYC data leak to date. Alderson had tweeted: “Probably the largest KYC data leak in history.
Rajaharia had claimed earlier that “11 crore Indian cardholder’s cards’ data including personal details and KYC soft copy (PAN, Aadhaar etc) allegedly leaked from the company’s server in India”. According to the researchers, the entire database is available for 1.5 Bitcoin (nearly $84,000) on the Dark Web.
The payment app has, however, categorically denied these claims. “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media,” the company said in a statement. “We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” the company added.
The reports come close on the heels of MobiKwik plan to raise $7.2 million in a funding round prior to the listing on the stock exchange, according to regulatory filings with the Ministry of Corporate Affairs.