8.2 TB Of MobiKwik User Data Allegedly Hacked, Company Denies Breach
The hacker who has access to the entire database is willing to sell the entire chunk for 1.5 bitcoins, which amounts to around $84,000, which will also follow pulling down the aforementioned portal and giving the buyer exclusive access.
A massive database breach has allegedly occurred in MobiKwik servers where the KYC data of hundreds of thousands of its users has surfaced on the dark web -- as much as 8.2 terabytes of data.
This alleged MobiKwik data breach was first highlighted by French white hacker and security researcher Elliot Anderson via a screenshot on his Twitter earlier today.
The screenshot is of a dark web portal where users can allegedly search their phone numbers or email IDs and can get specific details that they want to extract from the allegedly hacked MobiKwik user base.
The alleged MobiKwik data leak was also highlighted by one Indian cybersecurity researcher Rajshekhar Rajaharia (reported first by TechNadu) who spotted the new database and has revealed the same earlier in the first week of March 2021.
The hacker who allegedly has access to the entire database of MobiKwik users' KYC details is willing to sell the entire chunk for 1.5 bitcoins, which amounts to around $84,000, which will also follow pulling down the aforementioned portal and giving the buyer exclusive access.
The data that¡¯s on offer includes a total of 350 gigabytes of MySQL dumps that include 500 databases. It also consists of 99 million mail, phone passwords, addresses and data surrounding installed apps, IP addresses, GPS locations etc.
The breach also gives access to 40 million 10-digit card numbers with month, year and card hash. This also includes databases surrounding company data. Another 7.5 TB of over 3 million merchant KYC data which includes Aadhar card details, passport details, pan card details as well as images of individuals who have offered the KYC that they¡¯ve used to request for a loan on the payments platform.
MobiKwik in a statement rejects that such a data breach has occurred, ¡°Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.¡±
What¡¯s surprising is that just last week, MobiKwik announced that it is gearing up for its IPO in September and announced that it¡¯ll file its draft IPO prospectus by May that could have brought the company¡¯s value to over $1 billion.