MobiKwik, Biggest KYC Data Leak Ever...

MobiKwik, an Indian company that provides a mobile-phone-based payment system and digital wallet, has recently undergone one of the biggest data breaches. Data of about 3.5 million users (8.2 TB) was put on sale on the Dark Web, consisting of users’ names, phone numbers, bank account details, e-mail IDs and credit card information.

Source: Google

    
The data dump is said to contain 350GB of MySQL dumps or 500 databases, 99 million emails, phone numbers, passwords, physical addresses, IP addresses, GPS locations and device-related data, as well as 40 million records of card numbers, expiry dates and card hashes (SHA-256).


It has been regarded as the “BIGGEST KYC DATA LEAK EVER”.


An independent security researcher, Rajshekhar Rajaharia, tweeted about the leak: “11 crore Indian cardholder’s card data including personal details & KYC soft copy has been leaked”, which was then confirmed by a French researcher (Source).

Source: Twitter

    
The data was on sale on a popular hacker forum for 1.5 bitcoin, which is equivalent to about $86,000 (Rs. 69 lakh).

The company, however, denies all the claims and leaks, and says: “Some users have reported that their data is visible on the dark web. While we are investigating this, it is entirely possible that any user could have uploaded her/his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the dark web has been accessed from MobiKwik or any identified source,




Some users have also verified the data breach by tweeting their screenshots, as can be seen below:

Source: Twitter



Earlier, the hackers provided a portal to check whether your details exist in the database. It has now been taken down (claimed to be deleted) from the hacker’s forum:

Portal to search mobile number or mail id


Claim of deletion of the data



Want to know more? Try Googling “MobiKwik Data Breach”.


What can I do?

Although these types of leaks are beyond the control of the end user, since it has to be mandated by the corresponding organization, we can take a few steps to remove the threat for ourselves:

  • To reduce the chance of your data getting leaked, do not use third-party applications for banking and payment purposes.
  • Use only the authorized bank application.
  • Try to move to UPI payment systems instead of any other third party.
  • Always enable Two-Factor Authentication in all your online accounts.
  • Keep changing your passwords frequently.
  • Do not save card information on any online account.
  • Do not share your OTP with anyone.
  • Do not reply to any fraudulent message or mail that asks for any of your details.

REMAIN VIGILANT, REMAIN SECURE

