In what is believed to be one of the worst cases of data leaks, important information of 9.9 crore Mobikwik users has been leaked online, which the digital payments company has denied. According to India Today, the disclosure about the data leak was made by cybersecurity analyst Rajashekhar Rajaharia who has also written to the Reserve Bank of India, Indian computer emergency response team, PCI Standards, and payment technology firms, etc.
Mobikwik has denied these claims saying that it is a regulated entity and takes security very seriously. The platform claimed that it is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit.
The recent data leak is of serious nature as it is said to have exposed important user information including mobile phone number, bank account details, email, and even credit card numbers of 9.9 crore Mobikwik users. The screenshots of the Mobiwik breach were posted on Twitter by French security researcher who goes by the name Elliot Alderson. He called it the “largest KYC data leak in the history”.
Even though Mobikwik has denied this leak, there are number of reasons to believe that a breach was made. First, a group of hackers by the name of Jordandaven emailed the link of the database to PTI. They shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.
The hackers have maintained that they only want to get money from the company and do not plan to use it otherwise.
The payments solution platform has shrugged away the claims of this data leak and has put the blame on users. In a response put out on Tuesday, the platform claimed that all accounts and user information with it were completely safe.
“Some users have reported that their data is visible on the dark web. While we are investigating this, it is entirely possible that any user could have uploaded her/his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source,” the statement read.
This isn’t the first time when the company has denied these claims. The matter was first brought to light last month by the same security researcher. Back then, Mobikwik had denied these claims and announced that it will take action against the researcher. It hasn’t revealed if a complaint has been filed since.
“We thoroughly investigated his allegations and did not find any security lapses. Our user and company data is completely safe and secure. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company. Finally, our legal team will be pursuing strict action against this so-called researcher who is trying to malign our brand reputation for ulterior motives,” MobiKwik had said on Twitter.