MobiKwik user data leaked, nearly 3.5 million user’s KYC details up for sale

Updated on 31-Mar-2021

HIGHLIGHTS

MobiKwik user's KYC details up for sale.

Nearly 3.5 million data leaked in one of the biggest KYC leaks yet.

MobiKwik has denied the breach.

Update: 31 March 2021: Following the debacle, Mobikwik CEO Bipin Preet Singh posted a note to its users in which it is mentioned that they are doing everything in their power to keep MobiKwik accounts and balances safe. Check out his tweet below. The original story follows after the tweet.

https://twitter.com/BipinSingh/status/1376833273586941952?ref_src=twsrc%5Etfw

Payments apps have become extremely popular in India with millions of daily active users logging in to send and receive money online. It goes without saying that the users will have to tread cautiously while using these apps, but the service providers should also be vigilant when it comes to security.

The latest news coming out of Twitter suggests that MobiKwik has been hit with a security breach, exposing millions of user's data. According to the popular security researcher who goes by the name of Elliot Alderson on Twitter, the data breach has leaked sensitive information which is a part of their KYC details. We are looking at details like Aadhar card, phone number, address, and other personal information.

https://twitter.com/fs0c131y/status/1376486314296676360?ref_src=twsrc%5Etfw

The data leak is said to have exposed the data of nearly 3.5 million users. We are looking at around 8.2TB worth of data which is said to include 36,099,759 files, 99,224,559 user phone numbers, hashed passwords, and more. The hacker has reportedly set up a dark web portal in which the users can search for phone numbers and email IDs to get the details.

MobiKwik user data and KYC details leaked online

As serious as this data leak sounds, MobiKwik says they have encountered nothing of this sort. The company has denied the breach and said the security researcher is trying to malign their brand reputation for "ulterior motives".

This, by the way, doesn't appear to be the first time MobiKwik has faced a data breach. Some similar reports came out earlier this year too when an Indian security researcher claimed that MobiKwik is trying to hide the data leak. And the fact that MobiKwik is denying the data breach again, doesn't seem to sit well with its users, with a lot of them raising questions.

https://twitter.com/MobiKwik/status/1367489330902675463?ref_src=twsrc%5Etfw

In response to the allegations, here's what MobiKwik said – "A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses." The company also added that it will be pursuing strict action against the researcher who brought this to light.

Disclaimer: Digit, like all other media houses, gives you links to online stores which contain embedded affiliate information, which allows us to get a tiny percentage of your purchase back from the online store. We urge all our readers to use our Buy button links to make their purchases as a way of supporting our work. If you are a user who already does this, thank you for supporting and keeping unbiased technology journalism alive in India.

Karthik Iyer

Karthik is the resident laptop expert at Digit. You'll find plenty of reviews, news, how-to, & opinion pieces from him here. When he's not running benchmarks or playing Jenga with laptops, you'll find him in front of his PC, raging over a video game.