Mobikwik, a payment startup based in Gurugram, has reportedly faced a massive data breach which led to a leak of sensitive data of around 3.5 million users. This breach apparently includes over 36 million files. It consists of around 99,224,559 user emails, phone numbers, addresses, hashed passwords, card details and bank accounts.

Rajshekhar Rajaharia, the independent researcher who highlighted this data breach, has reportedly stated that the hacker has set up a portal on dark web where user data can be obtained using an email ID or a phone number. Robert Baptiste, a French security researcher and ethical hacker who also goes by the name of Elliot Alderson, has confirmed the data breach and has tweeted regarding the same.

The independent researcher further added that this the second time in a year that data breach of such levels has been executed. He further claimed that the hacker has had access to the company’s servers since the beginning of 2021 and has urged RBI to look into this issue and resolve it as soon as possible.

Mobikwik, however, has denied the claims. The company apparently stated that they have extensively investigated this claim and have not identified any such security lapses. According to the firm, many so-called independent researchers and journalists have tried to present concocted files before and have wasted not just the company’s time but also the time of media members. The firm further stated that their company and user data is completely secure and safe and that users need not worry about this claim.

Though as per the claim, a potential buyer can obtain the entire database at a price of 1.5 BTC or USD 84,000, with a promise from the uploader that the portal will be taken offline. Over 350 GB of MySQL dump data, 7.5 TB of merchant KYC data comprising of information from Aadhar cards, passports, pan cards are some of the contents of the data pack.

Source Credits:

https://www.moneycontrol.com/news/business/independent-researcher-says-biggest-ever-data-breach-at-mobikwik-company-denies-claim-6706641.html