The data breach resurface, Mobikwik rejects the claim
The hackers claimed that the database belonged to Mobikwik and posted several images of the Mobikwik QR code as well as KYC information, primarily Aadhaar and PAN card numbers. However, the company strongly denied these allegations.
Many Indians bank account details, mobile phone number, email, credit card numbers of Mobikwik, Gurgaon-based mobile payments and digital wallet company users have been leaked by the hackers, however, the company strongly denied these allegations further stating that they would get a third-party forensic data security audit done. The disclosure about the data leak was made by Rajashekhar Rajaharia, who claims to be an independent cybersecurity researcher, has also written to the RBI, Indian computer emergency response team, PCI Standards, and payment technology firms, etc.
According to PTI, Jordandaven, a hacker group, has emailed the database's connection, stating that they have no intention of using the data other than to extract money from the company and delete it from their end. They also shared data from the database of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku.
The hackers claimed that the database belonged to Mobikwik and posted several images of the Mobikwik QR code as well as KYC information, primarily Aadhaar and PAN card numbers. Mobikwik stated that it is working closely with the appropriate authorities on this matter and that due to the severity of the claims, a third party will conduct a forensic data protection audit.
"The company reiterates to its users that all MobiKwik accounts and balances are absolutely secure," a spokesperson for the company said.
Although the details of the alleged leak have been in the public domain for over a month now, the issue gained prominence on Monday after the so-called data dump was said to be posted for sale on the dark web. Later, a link with a search bar, where anyone could search if their phone number or email address and other details were present in the data dump, was available on the darknet.
And, on Tuesday, again the company issued a denial and claimed that all the accounts and user information with it were completely safe. In February, when the alleged data breach was first reported by Rajaharia on Twitter, the company had said he was “desperately trying to grab media attention”.
“We thoroughly investigated his allegations and found no security lapses,” MobiKwik responded on Twitter. "Our users' and company's information is completely secure. The numerous sample text files he has been displaying prove nothing. Such text files can be created by anyone to falsely threaten any business. Finally, our legal team will take firm action against this so-called researcher who is attempting to discredit our name for personal benefit.”According to Rajaharia, government officials should investigate the data breach immediately because it has far-reaching implications that could lead to a slew of financial frauds. To keep their money secure, he advised that everyone change their passwords for their bank accounts, credit cards, and other accounts right away.