Data of 10 crore MobiKwik users on sale on darknet? Elliot Anderson backs researcher's claim; company denies breach

Last Updated 30 March 2021, 11:35 IST

Data of over 10 crore Mobikwik users is on sale on a hacker forum on the darknet, according to independent security researcher Rajshekhar Rajaharia. On Monday, renowned French cybersecurity expert Elliot Anderson aka Robert Baptiste backed Rajaharia's claim on the alleged server breach at the digital wallet company and called it the biggest KYC data leak to date.

Rajaharia had in February said a hacker was selling MobiKwik user data such as PAN card numbers, Aadhaar, debit/credit cards, phone numbers, and other personally identifiable details that are usually shared during the Know Your Customer (KYC) procedure. “Personal data of several high-profile Indian tech company founders were found in the compressed data dump,” Rajaharia told DH. The data dump on the darknet is reported to be around 350GB in size.

Mobikwik has denied any data breach in its servers. "Some security researchers have repeatedly attempted to present concocted files wasting precious time of our organization. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure," a Mobikwik spokesperson told DH.

“In a bid to prove the authenticity of the data leak, the unknown seller opened a search bar on the dark web. Users can type their registered email-ID to see if their data is compromised or not,” Rajaharia said to DH.

In addition to the data of 9.9 crore MobiKwik users, key identification details such as passport, Aadhaar cards, Pan cards, selfies, store picture proof of 30 lakh merchants including are also on sale, according to Rajaharia.

The unknown seller is charging 1.5Bitcon (approx. Rs 63,20,535) and is promising to delete all the data after the transfer of the amount.

Rajaharia is also credited for flagging the bug that caused WhatsApp group invites to appear in Google searches earlier this year.

Last month, He also disclosed the data breach in the Bharti Airtel server. More than 2.5 million customers' details including phone numbers and Aadhaar numbers leaked online.

Read more | 25 lakh Airtel customers data with Aadhaar IDs leaked

New Update | March 30, 5:01 pm

Bipin Preet Singh, MobiKwik CEO has posted a statement on Twitter reiterating that there was no case of the data breach. Considering the seriousness of the allegation, the company has decided to do third-party forensic data security.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

(Published 29 March 2021, 14:30 IST)

Follow us on