MobiKwik says it is probing data breach claims
A website on the dark web claimed it had 8.2 terabytes of user data, including 99 million records containing a user’s sign-up details and information about any payment cards a saved.
Personal information of close to 100 million users of payments app MobiKwik has purportedly been stolen and put up for sale on the dark web, prompting the company to announce that it will bring in an independent security auditor, although it said it was “confident” that its security had not been breached.

Over the weekend, a website on the dark web – the part of the internet not indexed by search engines and, hence, harder to access – claimed it had 8.2 terabytes of user data, including 99 million records containing a user’s sign-up details (including username, GPS location) and information about any payment cards a user may have saved.
The website was accessed by several people who reported on social media that they could see their account details on it. HT corroborated some of this information before the site went offline. “There were rumours about the breach in early March. On March 27, the public sale was posted on a popular forum,” said Yash Kadakia, founder of Security Brigade, describing the seller’s decision to create a portal for people to sift through the data as unusual.
The data also contained scans of KYC documents of 3.5 million users. The data uploaded on the website, which users could search through, likely contained a portion of the data. “The firm is closely working with authorities, and is confident that security protocols to store sensitive data are robust and have not been breached,” MobiKwik said in a statement. “Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit”.
The person who gained access to this data said they are offering “exclusive” sale of the information for 1.5 bitcoins.

E-Paper

