MobiKwik users' KYC details up for sale. Nearly 3.5 million users' data leaked in one of the biggest KYC leaks yet. MobiKwik has denied the breach.
Update: 31 March 2021: Following the debacle, MobiKwik CEO Bipin Preet Singh posted a note to the company's users stating that they are doing everything in their power to keep MobiKwik accounts and balances safe. Check out his tweet below. The original story follows after the tweet.
A note to our users. pic.twitter.com/J3WRM0Ko8v— Bipin Preet Singh (@BipinSingh) March 30, 2021
Payments apps have become extremely popular in India with millions of daily active users logging in to send and receive money online. It goes without saying that the users will have to tread cautiously while using these apps, but the service providers should also be vigilant when it comes to security.
The latest news coming out of Twitter suggests that MobiKwik has been hit with a security breach, exposing millions of users' data. According to the popular security researcher who goes by the name of Elliot Alderson on Twitter, the breach has leaked sensitive information that is part of users' KYC details. We are looking at details like Aadhaar card, phone number, address, and other personal information.
Probably the largest KYC data leak in history. Congrats Mobikwik... pic.twitter.com/qQFgIKloA8— Elliot Alderson (@fs0c131y) March 29, 2021
The data leak is said to have exposed the data of nearly 3.5 million users. We are looking at around 8.2 TB worth of data, which is said to include 36,099,759 files, 99,224,559 user phone numbers, hashed passwords, and more. The hacker has reportedly set up a dark web portal on which users can search for phone numbers and email IDs to get the details.
As serious as this data leak sounds, MobiKwik says they have encountered nothing of this sort. The company has denied the breach and said the security researcher is trying to malign their brand reputation for "ulterior motives".
This, by the way, doesn't appear to be the first time MobiKwik has faced a data breach. Similar reports came out earlier this year too, when an Indian security researcher claimed that MobiKwik was trying to hide the data leak. The fact that MobiKwik is denying the data breach again doesn't seem to sit well with its users, with a lot of them raising questions.
A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses. 1/n— MobiKwik (@MobiKwik) March 4, 2021
In response to the allegations, here's what MobiKwik said: "A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses." The company also added that it will be pursuing strict action against the researcher who brought this to light.