Osiltec

Category: News

Posted on

MobiKwik – The Data Leak Case

AI in E-Commerce

MobiKwik – The Data Leak Case

MobiKwik – The Data Leak Case

Phishing scam, hacker attack and web security vector concept Premium Vector

MobiKwik accuses users of the data leaks. That is worse than the violation. MobiKwik stands behind the reason for one of the largest data leaks in history. Or, that’s what the internet wishes you to believe, at least. These allegations MobiKwik refused to state they are a controlled agency and take safety very seriously. The platform has claimed that it is working closely on this issue with the required authorities.

The details of 9.9 MobiKwik consumers from the worlds of digital payments are online or to say leaked online, which counts to be one of the worst instances of data leakage.  The cybersecurity expert Rajashekhar Rajaharia was the first one to report about the data leak, who also wrote to the Indian Reserve Bank and the PCI, and payment technology companies, etc. The data leak reports critical data, such as addresses, phone numbers, bank account information, and user email identifications.

MobiKwik denied the arguments that he is a controlled body and quite seriously takes protection. The platform claimed that it is working closely with the necessary authority and will have a third party perform a forensic security audit given the severity of the allegations. This reveals that the sites that payment is a Paytm and Google Pay competitor by many are ignorant and arrogant.

There’s no mention here of one or two or even a million users. On the internet, data leak includes a whooping number of nearly 10 crore people. It is absurd to say that all these users might have uploaded it. It would be naive to think. For the uninformed, there is a whole dark Web site where anybody might use to find a person’s data of numbers, email ids, and names.

Highlights of MobiKwik Case:

You want the organization concerned to assume responsibility for the problem and notify its customers of the security of its data in a perfect scenario. By rejecting all the allegations and blaming the consumers for the lack the Gurugram-based payment solution platform threw them under the bus.

  • The data of MobiKwik gets infringe by the hacking community.
  • Hackers thought they had access to valuable data.
  • Platform rejects arguments that data is safe.
  • Data reportedly leaked from millions of MobiKwik customers.
  • Users blaming the payment network for the data breach.
  • Data placed on the dark network for sale.

What was wrong with MobiKwik?

Computer virus conceptual idea Premium Vector

The latest data breach is serious, as major information from customers, such as mobile phone numbers, bank account details, mail, and even 9.9 Crore users of MobiKwik credit cards, is reportedly disclosed. MobiKwik’s screenshots have been post by French security scientist Elliot Alderson on Twitter. “The biggest KYC data breach in history,” he called it.

Cyber-security researcher, Rajshekhar Rajaharia, warned the platform that information from know-how (KYC) included scanned papers, such as the PAN and Aadhar cards, as well as bank statements from over five crore users, had been made available by the hacker’s community, in addition to the data in the paper.

Instead of examining the case, MobiKwik refused all allegations, and, on March 4 without calling Rajashekar’s name, he named the researcher openly “medially crazy.” It added that legal measures against the researcher will be taken.

While MobiKwik refused to allow this leak, several reasons exist to suggest that it was broken. First, the database access to PTI was e-mailed by a group of hackers called Jordan daven. Data from Bipin Preet Singh and Upasana Taku, the founder of MobiKwik have been shared.

The hackers claim they just want money from the organization and will not spend it anywhere. The hackers claim. However, several users shared screenshots of data from MobiKwik users on the dark web. This data was often traded for 1.5 or around $86,000 bitcoin. Still, the website refused the requests.

There is another study that says a different web portal was developed, which could be used through telephone number or e-mail ID to search for data and to obtain unique results from 8.2 TB of data. It is disturbing just the scale of the information uploaded on the portal.

MobiKwik rejected allegations

The solution portal for payments has removed the allegations from the data breach and blamed consumers. In a reply on Tuesday, the site said that it was fully secure for all accounts and user data.

“Some users reported their data on the dark network available. During our study, it is completely possible for any user to upload his/her data to several platforms. Therefore, it is erroneous to say that data from MobiKwik or any known source available on the dark web has been accessed,” the statement reads.

This is not the first time when a firm rejects these types of data leak alegations. The same security researcher first brought the matter to light last month. In those days, MobiKwik had rejected these allegations and said it was going to take steps against the investigator. It did not disclose whether there was a lawsuit back then.

“We examined his claims carefully and found no safety deficiencies. Our data is clean and stable for users and companies. There is no proof of the different text files in the study. All will generate such text files to annoy an enterprise. Finally, our legal staff will take stern measures against this so-called scholar, who tries to dismiss our image as a company for more reasons.”

What’s your role in MobiKwik Case?

Data leakage abstract concept illustration Free Vector

MobiKwik customers have a lot of uncertainty and misunderstanding due to the constant struggle between the platform and the investigator. And if the matter is examined over a few days, it highly recommends that users use new passwords for updating their MobiKwik account to their respective email addresses, set up two-factor authentication. You must also change passwords, 2FA authentication, like OTP, and fixed passcodes wherever possible. Whenever possible, you need to use them.

If you want to verify that your information is part of the breach, download the browser of Tor. It’s a web browser free of charge and will let you search the web anonymously. “Without the one-time password (OTP) that comes only to your mobile number, no harm will come to your wallet balance, credit card or debit card. We highly encourage you not to try opening any dark web / anonymous links because they could endanger your own cybersecurity,” said the company.

Update:  The hacker group which set up the site to display the leaked data on servers of MobiKwik has retired it from the site, stating that everything is clear from its servers.

Time for some General Knowledge class

“We examined his claims carefully and found no safety deficiencies. Our data is clean and stable for users and companies. There is no proof of the different text files in the study. All will generate such text files to annoy an enterprise. Finally, our legal staff will take stern measures against this so-called scholar, who tries to dismiss our image as a company for more reasons.” By MobiKwik on Twitter.

Did the researcher take any steps? No! Nothing told by MobiKwik. Has it tried over the past three weeks to solve the problem? We come across it earlier only when the information was available by the search engine. Interestingly, the leaked data get erase out from the Website by hackers within a day of leak media coverage, and all data was clear from their servers, and users are now safe. The firm has declined to assume any liability that makes consumers helpless. The only way they can do right now is to change their bank accounts passwords, establish two-factor security and look forward to the tempest.

Is MobiKwik alone to blame?

Credit card phishing. phishing scam with credit card in fishing hook. Premium Photo

MobiKwik alone would not be sufficient to blame. It is the device flaws that enable Indian technology companies to overcome these flaws without any effect. In the past, platforms failed to take responsibility for a vulnerability or error in their app which could lead to data leaks. There have still been similar incidents.

There is no way to see whether or not the leaked data gets omit out.  The firm has declined to assume any liability that makes consumers helpless. The only way they can do right now is to change their bank accounts passwords, establish two-factor security and look forward to the tempest.

MobiKwik alone would not be sufficient to blame. It is the device flaws that enable Indian technology companies to overcome these flaws without any effect. In the past, platforms failed to take responsibility for a vulnerability or error in their app which could lead to data leaks. There have still been similar incidents. This is not the case for American businesses and the lack of data legislation in India is one of the factors behind it.

The nation also has no effective consumer data security and criminal proceedings process. Since 2019, the Protection of Personal Data has been pending in the Lok Sabha. As it must stand strong and advance to provide high data protection,  but there are insufficient protections to keep user data secure until the bill is passed.

Posted on

New domicile law in Haryana impact on IT Industry

New domicile law in Haryana impact on IT Industry

New domicile law in Haryana impact on IT Industry

Abstract illustration of plagiarism concept Free Vector

New domicile law impacts Gurugram’s IT and ITeS industries severely. The new law will affect one lakh job as work is available for the Haryana people. Know the rules better. The new domicile law in Haryana would provide 75% of the jobs for people; with a monthly wage of up to Rs 50,000. The survey carried out by Nasscom would have a big impact on the IT/ITeS industry.

The state economic and commercial center, Gurgaon is the home to 500 or more companies of the IT/ITes. It holds the position of  headquarter in the state of Harayana. But by the new law, the fame and power of Gurgoan will get deeply affected. Gurugram is the biggest base for MNCs, automotive production, and starters in India, in addition to its major IT industry. The unease with domicile rule is present across all sectors of the industry.

Since the drafting of the bill, businesses and supervisors have been working on big issues. Most IT/ITeS enterprises consider the legislation to affect enterprises. Because of the domicile rule, the operating strategy and expenditure are very much influenced. It will transform operations in the countries followed by an effect on strategies for diversity and inclusion. That the businesses adopt to eradicate discrimination.

The economy and industry center of Gurugram with some 500 companies from IT/ITeS would have enormous repercussions. This will make companies uncomfortable with the rule of their homes. In Haryana, the IT and ITeS factories are operating with more than 4 lakh people and about 1.5 lakh jobs. And all will suffer from the new domicile law. In a wage spectrum up to Rs 50,000, including analytical and statistical abilities, artificial intelligence and machine learning capabilities, finance and accounting, data science, programming, R&D, etc.. The ability gaps are also listed.

New domicile law retrograde hits future IT plans

A Nasscom survey of 73 companies that employ 1.4 Lakh professionals in the state; finds the new Haryana law reserves 75% of jobs for locals. It is paid for up to Rs 50,000 a month, can have a serious influence on the IT/ITeS industry. The report shows that since the bill is drafting and considering  by the new law; business heads and sector groups have been circulating. Of the IT and ITeS businesses surveyed, 80% said their potential market practices and investment strategies is deeply influence; due to the domicile regulation. According to the poll, the majority said they will have their activities shifted or increased in other nations.

According to Nasscom, such reservation laws will make it hard to implement; and follow policies in sensitive areas like equality, diversity, and prejudice. 4 Lakh employees in Haryana work in the IT and ITeS sectors directly. The survey states that the new legislation would have an aggregate effect on about 1,5 lakh workers. This will cause the drawing of the results from the whole pool. The survey showed a skills disparity between conversation, IT and computer learning (both spoken and written), analytical and statistical skills, finance, accounting, programming, data science, and R&D in the defined salary range to Rs 50,000. Currently, an astonishing 81 percent of the workforce hired by businesses; outside Haryana stands above the unemployment.

Survey on the New Domicile Law

Intellectual property concept illustrated Free Vector

The survey revealed that the majority of businesses raised reservations about recruiting and emphasized that regulation would greatly raise the cost of enforcement. This will limit the industry’s freedom to hire staff at will. “There are a short-term effect and a medium-term impact,” said Ashish Aggarwal, Senior Director and Head of Policy Advocacy at Nasscom. The recruiting is presumably over for the current year and the effect may be reduced in the short term.

For a number of purposes, businesses seek new locations and overlapping jurisdictions. Haryana always attracted talent and companies claim the new law will decrease the competitiveness of the state. The move was not only illegal, as the Manas Fuloria, CEO of the Nagarro IT Company based in Gurugram says.

Nasscom President Vinod Sood for the Haryana area said that in some way the reservation was not a constructive move. By improving stability, many industries will like to attract local citizens, only if there are any. We need qualified personnel in this region, however, and a big gap exists,” said Sood, adding that the reserve would damage Gurugram’s reputation as an international center of industry, as leaders see retrograde movements. Others say that the government has to invest in competent local young people at the university and college levels to enforce such a quota.

Why firms are not happy with the New Domicile Law

Abstract patent law concept illustrated Premium Vector

Many start-ups in Gurugram have been unnerved by the development and according to a recent survey carried out by Nasscom they may consider moving operations to other countries. The same has also been indicated by employers like Quess and Xpheno. The New Haryana State Local Candidates Employment Act 2020 recommends that at least 75% of private-sector workers seat must have reservation  for local people, at a monthly payment of up to Rs 50 000. However, the local work legislation is not met by many businesses.

The state government’s labor quota legislation would be expected to comply with all corporations. Such as companies, trusts, LLP companies, alliance firms, and anybody who employs ten or more people. The Haryana Government’s new local quota legislation can do more harm than good, in particular in Gurugram, which has been one of the country’s largest startup hubs in recent years. The quota shall apply 10 years after notification by the government. It shall apply.

In Gurugram, the latest local work quota is consider regressive, not only new-age start-ups but information technology firms, vehicle, and export companies. The legitimacy of the quota causes dispute by several State-based industrialists.

How 75% Reservation for Locals in Private Jobs will Impact Haryana

Different sets of stamps Premium Vector

This portal allows the employer to recruit employees. It needs to mention that a minimum of 10,000 rs may be charged to up to Rs 2 lakh by any private entity which is not compliant with the provisions of the legislation. In the absence of an employer enforcing the statute, a tax of Rs 1.000 per day is levied before the breach continues. Companies are subject to a larger fine or prosecution if incorrect job documents has been produced. Ashish Aggarwal, Senior Director and Head of Policy Activism at Nasscom says that, businesses are now searching for new locations; and overlapping courts.

Industrialists Questions Feasibility of Haryana Job Quota Law 

It is noticeable that Gurugram is headquarter for more than 300 Fortune 500 firms. Over the past two decades, several of these corporations have built a base in the region. Not just IT and ITeS corporations, they are also put in the show through a vast number of cars and auxiliary businesses. 73 firms participating in a study by Nasscom have expressed their concern about the implications of the regulation. The study shows 1,5 lakh workers in the State is blown away by the law.

The new law would affect nearly 1.5 lakhs current worker and extend to four lakh employees of IT/IteS; or say 37% of all the IT/ITeS. As this legislation covers new employees, “the effect will be serious in 1 to 2 years, given the high turnover rate for business”. Industry bosses said that most Indian states are now welcome to invest and Gurugram could be hit by the law on labor reservation. Ashish Aggarwal, Nasscom’s Chief Policy Officer, said, “This change contradicts a series of changes in the past year that have made remote operations simpler and start-ups more inspiring.”

What Companies Want

Some businesses also slammed the recent local quota legislation on jobs and urged the government to work on local young people’s training and skills. Several top managers from Gurugram industries expressed concerns about the possibility of further expanding the reach of existing reservations. They unanimously accept that the only way to provide the young people of the state work is by the provision of qualifications and adequate preparation.

Several experts clarified that the competition from Haryana from other countries which have now begun to draw industrial investment is enormous. CII Director General Chandrajit Banerjee put forward his voice saying that at present such constraints could have been avoided by the Haryana administration.

What you need to teach yourself about the law

The state government’s labor quota legislation is set to comply all the sectors. Such as corporations, companies, trusts, LLP companies, alliance firms, and anybody who employs ten or more people. In other words, the new law would force private businesses in the State to comply. In the case of applicants, the beneficiary of the work quota under the Law is an individual domiciled in the state of Haryana. However, the individual must register for a job under the law on a specified portal.