Payment app MobiKwik came under the scanner on Mar 29,2021 after a security researcher claimed that the data of 3.5 million users were put up for sale on the dark web. The researcher claimed that the sensitive information of 3.5 million users that was put on the dark web for sale includes KYC details, addresses, phone numbers, Aadhar card data and other details of the users. Several users had reportedly spotted their personal details on the dark web link that is being circulated on the internet.
In February, Internet Security Researcher Rajshekhar Rajaharia tweeted that KYC Data of nearly 11 crore Indians was leaked on dark web. An 8TB treasure of PAN numbers, Aadhar information, credit card information and bank details. The hacker has claimed that he had access to the company’s server since January 2021.
Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k
— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
This is not the first time MobiKwik has been hacked either. As per a blog post by the company in 2010, someone gained access to the company’s ‘IT systems. Rajaharia claims to have also reported a bug on March 1st which MobiKwik denied at first and then apparently fixed within the next one hour.
Even in the face of MobiKwik’s vehement denials, the evidence has mounted strongly against the company. Besides Rajaharia’s damning series of tweets, several other prominent security researchers have also tweeted against the company including ethical hacker Elliot Alderson.
— Elliot Alderson (@fs0c131y) March 30, 2021
How do I check if my data is hacked or not?
To those of you sweating bullets right now trying to figure out if your data was compromised or not, here is what you need to do to check. We recommend you to download Tor Browser. Open this link in Tor Browser [Never open the link in Regular Browser].
This is the entire database of the leak that is now online. Disturbingly it also has pictures as proof of Random KYCs in the database. Search for your information using your phone number or email id. If nothing shows up, you are safe and you can breathe a sigh of relief.
If something does show up, immediately contact your bank, and block your cards now. Change your netbanking password and if possible, just change the email id that has been linked to your bank details. This will mean you will have to jump through a few hoops like creating a new mail account or completing some formalities with your bank but that is 100 percent worth it and will give you some peace of mind. As to what can be done with the data, your guess is as good as mine. Once something is on the internet, it never really leaves.
Last updated:
0 Comments