The MobiKwik data breach is currently making headlines. According to independent researcher and entrepreneur Rajshekhar Rajaharia, the data of 11 crore Indians has been leaked on the darknet. “Again!! 11 Crore Indian Cardholder’s Cards Data Including personal details and KYC soft copy (PAN, Aadhar etc) allegedly leaked from a company’s Server in India. 6 TB KYC Data and 350GB compressed mysql dump,” he tweeted last month.
The researcher claims that the hacker, who had also posted some database structures with samples, had access to the company’s server from January 2021 to 26 February 2021. “As a customer of MobiKwik, it is my right to ask you why you deleted your blog post of previous unauthorized server access (in 2010) after my tweet. I think it’s a big controversy now. What was the need of this step? Hiding things is not a solution,” he had tweeted.
Again!! 11 Crore Indian Cardholder’s Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company’s Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k
— Rajshekhar Rajaharia (@rajaharia) February 26, 2021
However, the company has dismissed these claims, calling Rajaharia a “media-crazed” individual. “A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses,” said the company, adding that its legal department would take strict action against the researcher for trying to “malign the brand reputation for ulterior motives”.
“Our user and company data is completely safe and secure. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company,” added MobiKwik at the time.
However, a hacker known by the name Elliot Alderson has brought the issue back to the fore by claiming that Rajshekhar Rajaharia was indeed right about the MobiKwik data breach. “Probably the largest KYC data leak in history. Congrats Mobikwik,” he tweeted, along with a screenshot showing how MobiKwik users can find their personal data on the web. The hacker claims that users can find all their data stored on MobiKwik servers by searching for their phone number, email ID or any string.
Probably the largest KYC data leak in history. Congrats Mobikwik… pic.twitter.com/qQFgIKloA8
— Elliot Alderson (@fs0c131y) March 29, 2021
Various other users on the Twitter thread are confirming this development. “I personally verified the information and can confirm they have my Card details and more personal data. I am a bit concerned now,” says Eashwar Ramesh. Nevertheless, the company has denied all such claims. Consumer data is safe, the company maintains in statements given to various media houses.