Big Mobikwik data breach! Aadhaar, mobile details of 11 crore users leaked, company denies claims

New Delhi: In what could be termed as a major data and privacy issue, around 11 crore users of Mobikwik face potential data breach.

As per reports in the media, the KYC details of the digital wallet company that usually includes PAN card, Aadhaar card, debit/credit cards, phone numbers among several personal details, have been leaked online and is up for sale on the dark net.

In February this year, independent security researcher Rajshekhar Rajaharia had claimed that personal data of about 11 crore Mobikwik users, 
probably the largest KYC data breach, had been compromised and were up for sale on the darknet. But the claim was completely denied by the company then.

Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k — Rajshekhar Rajaharia (@rajaharia) February 26, 2021

Meanwhile, renowned French cybersecurity expert Elliot Anderson also known as Robert Baptiste has backed Rajaharia data breach claim.

Probably the largest KYC data leak in history. Congrats Mobikwik... pic.twitter.com/qQFgIKloA8 — Elliot Alderson (@fs0c131y) March 29, 2021

The volume of the data leak on the dark web amounts to 8.2 TB of data. Media reports further said that a seller who has set the data on sale in the darknet is seeking 1.5 Bitcon (approximately Rs 63 lakh) for deleting the leaked data.

Meanwhile, a MobiKwik spokesperson told Zee Media, “As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which, includes annual security audits and quarterly penetration tests to ensure security of its platform." 

"As soon this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach. The company is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit. For its users, the company reiterates that all MobiKwik accounts and balances are completely safe,” the spokesperson added.