MobiKwik reiterated on Tuesday that there was no data leak of any kind and said that its systems are secure after several users claimed their details appeared on the dark web.
The wallet and digital payments company said that while it investigates the information of users appearing online, it could be possible that this information is on multiple platforms
The company said it would carry out a third-party forensic data audit. Further, it urged users not to not click on any dark web links that could potentially their own cyber security in danger.
Several users took to social media on March 29 and March 30 and said that their details have appeared in leaked data of MobiKwik, in what is being called the biggest leak of 'know-your-customer' details in history.
While the leak itself was reported by an independent researcher, Rajashekhar Rajaharia on March 4, MobiKwik is drawing flak when the leaked data only recently appeared online.
MobiKwik is a wallet and digital payments company catering to 120 million users and 3 million retailers. They offer micro-credit facilities as well, but they are not a payments bank like PayTM, Airtel or Jio.
When Rajaharia reported the leak on March 4, the company denied it and said that they found no evidence of a breach. The blog post on Tuesday reiterated this denial, and stated that no security protocols storing sensitive information have been breached.
The data pertaining to the leak is said to have appeared on two such instances online.
First, these details was posted a popular hacking website that was selling the entire data dump for 1.5 bitcoin, promising to delete it from their end to keep it exclusive.
Second, an online portal that could be accessed using TOR Browser also sprung up, that enabled users to access the data and check if their details had been leaked. As of writing this story, BOOM found that portal is online but its database search functionality has been disabled.
According to the portal, the leak is massive; specifically 8.2TB large.
- It contains nearly 36 million files
- These amount the KYC details of nearly 35 million people
- Almost 99.22 million phone numbers, bank and card details, hashed (encrypted) passwords, and addresses are also present
Users of Twitter have used to portal to point out that their details have been leaked. The hashtag 'MobiKwikDataLeak' is trending on the micro-blogging platform.
While the number of people who say that their information has been leaked pile up, MobiKwik has denied any such leak. According to them, after Rajharia revealed a possible leak, MobiKwik said that they investigated his allegations and did not find evidence of any lapses.
Further, assured customers of the safety of their data, and also said that they would be pursuing legal action against him.
However, Rajharia tweeted that on March 1, he intimated MobiKwik of a bug. Though they denied that bug, they ended up fixing it. MobiKwik also put in a legal request with Twitter against a number a tweets calling MobiKwik out on the bug.
