MobiKwik Data Leak
MobiKwik, a famous mobile payments service from India, went on fire on Monday, after 8.2 terabytes of data related to its customers appeared on a data leak site.
According to reports, 3.5 Million users are exposed and their details are circulating the dark web, following the massive data breach. The details that are leaked contain confidential personal data such as:
- Names of clients
- User emails
- Home addresses
- GPS locations
- Credit card numbers
- bank accounts and their account numbers
- Know-You-Customer (KYC) documents of 3.5 million customers of MobiKwik.
The data leak site where the stolen data is leaked contains 36,099,759 records and can be accessed via Tor browser.
A number of users have reported that they have found their personal details on the “MobiKwik India data leak” site. Some people have even shared screenshots of the MobiKwik details circulating on the dark web.
Sources have shared that the stolen details were offered for sale for 1.5 bitcoin or around 86,000 dollars. It is yet to be clarified how the threat actor was able to enter MobiKwik’s servers and steal the leaked information.
Although the passwords that have leaked have been encrypted, other sensitive details, including the PAN card and the Aadhaar card, have not been protected through encryption.
Security professionals are sharing their concerns that with access to such a broad collection of details, there is a huge opportunity for scammers to scam MobiKwik users and sound credible. Anyone whose details are in the leaked database is an easy target. Fraudsters could easily access their victims through their telephone number and email address, the independent security researcher Indrajeet Bhuyan, commented on the case.
It is interesting that earlier this month, on 4th of March, MobiKwik vigorously denied a data incident that was publicly reported by the independent security analyst Rajshekhar Rajaharia and claimed that their investigation has not found any security lapses.