MobiKwik denies data breach of 3.5 mn users

Independent cyber security researchers have claimed that a database containing KYC details of nearly 3.5 million users of MobiKwik is up for sale on the Dark Web. 

First tweeted by independent cyber security researcher Rajshekhar Rajaharia and then by French researcher Elliot Alderson on Monday, the alleged breach includes 8.2TB data containing users’ phone numbers, emails, hashed passwords, addresses, bank accounts and card details. 

But, MobiKwik vehemently denied any such breach. “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media,” the company said in a statement. 

“We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” it added. 

Alderson had tweeted: “Probably the largest KYC data leak in history.” Rajaharia had claimed earlier “11 crore Indian cardholder’s cards’ data including personal details and KYC soft copy (PAN, Aadhaar) allegedly leaked from the company’s server in India.” As per the researchers, the database is available for 1.5 Bitcoin (nearly $84,000) on the Dark Web.