MobiKwik – The Data Leak Case

MobiKwik blames its users for the data leak, which is worse than the breach itself. MobiKwik is behind one of the largest data leaks in history, or at least that is what the internet would have you believe. MobiKwik denied these allegations, stating that it is a regulated entity and takes security very seriously. The platform has claimed that it is working closely with the relevant authorities on this issue.

The details of 9.9 crore MobiKwik consumers from the world of digital payments have been leaked online, which counts as one of the worst instances of data leakage. The cybersecurity expert Rajshekhar Rajaharia was the first to report the data leak; he also wrote to the Reserve Bank of India, the PCI, payment technology companies, etc. The leak reportedly includes critical data such as addresses, phone numbers, bank account information, and user email IDs.

MobiKwik denied the claims, saying that it is a regulated entity and takes security quite seriously. The platform said that it is working closely with the necessary authorities and, given the severity of the allegations, will have a third party perform a forensic security audit. This shows that the platform, which many consider a Paytm and Google Pay competitor, is ignorant and arrogant.

This is not a matter of one or two users, or even a million. The data leaked on the internet covers a whopping number of nearly 10 crore people. It is absurd to say that all these users might have uploaded it themselves; it would be naive to think so. For the uninformed, there is a whole dark web site that anybody can use to find a person's data, such as numbers, email IDs, and names.

Highlights of MobiKwik Case:

In a perfect scenario, you want the organization concerned to assume responsibility for the problem and inform its customers about the security of their data. By rejecting all the allegations and blaming the consumers for the leak, the Gurugram-based payment solution platform threw them under the bus.

  • MobiKwik's data was breached by the hacking community.
  • Hackers thought they had access to valuable data.
  • Platform rejects the claims, saying that data is safe.
  • Data of millions of MobiKwik customers reportedly leaked.
  • Users blaming the payment network for the data breach.
  • Data put up for sale on the dark web.

What was wrong with MobiKwik?

The latest data breach is serious, as major customer information, such as mobile phone numbers, bank account details, email addresses, and even credit card details of 9.9 crore MobiKwik users, has reportedly been disclosed. Screenshots of MobiKwik's data were posted on Twitter by French security researcher Elliot Alderson, who called it “the biggest KYC data breach in history.”

Cybersecurity researcher Rajshekhar Rajaharia warned the platform that know-your-customer (KYC) information, including scanned documents such as PAN and Aadhaar cards as well as bank statements of over five crore users, had been made available by the hacker community, in addition to the data in the report.

Instead of examining the case, MobiKwik denied all the allegations and, on March 4, without mentioning Rajshekhar's name, openly called the researcher “media-crazed.” It added that legal action would be taken against the researcher.

While MobiKwik refused to acknowledge this leak, several reasons suggest that it was breached. First, access to the database was e-mailed to PTI by a group of hackers called Jordan daven. Data of Bipin Preet Singh and Upasana Taku, the founders of MobiKwik, was also shared.

The hackers claim they just want money from the organization and will not use it anywhere. However, several users shared screenshots of MobiKwik user data from the dark web. The data was being sold for 1.5 bitcoin, or around $86,000. Still, the platform denied the claims.

According to another report, a separate web portal was set up that could be searched by telephone number or email ID to retrieve specific results from 8.2 TB of data. The sheer scale of the information uploaded to the portal is disturbing.

MobiKwik rejected allegations

The payments platform has dismissed the data breach allegations and blamed consumers. In a reply on Tuesday, it said that all accounts and user data were fully secure.

“Some users reported that their data is available on the dark network. During our study, it is completely possible for any user to upload his/her data to several platforms. Therefore, it is erroneous to say that data from MobiKwik or any known source available on the dark web has been accessed,” the statement reads.

This is not the first time a firm has rejected data leak allegations of this kind. The same security researcher first brought the matter to light last month. At that time, MobiKwik rejected these allegations and said it was going to take steps against the researcher. It did not disclose at the time whether a lawsuit had been filed.

“We examined his claims carefully and found no safety deficiencies. Our data is clean and stable for users and companies. There is no proof of the different text files in the study. All will generate such text files to annoy an enterprise. Finally, our legal staff will take stern measures against this so-called scholar, who tries to dismiss our image as a company for more reasons.”

What’s your role in MobiKwik Case?

MobiKwik customers face a lot of uncertainty and confusion due to the ongoing dispute between the platform and the researcher. Even while the matter is examined over the next few days, it is highly recommended that users set new passwords for their MobiKwik accounts and for their respective email addresses, and set up two-factor authentication. You should also change passwords and use 2FA, such as OTPs and fixed passcodes, wherever possible.

If you want to verify whether your information is part of the breach, download the Tor browser. It is a free web browser that lets you browse the web anonymously. “Without the one-time password (OTP) that comes only to your mobile number, no harm will come to your wallet balance, credit card or debit card. We highly encourage you not to try opening any dark web / anonymous links because they could endanger your own cybersecurity,” said the company.

Update: The hacker group that set up the site to display the data leaked from MobiKwik's servers has taken the site down, stating that everything has been cleared from its servers.

Time for some General Knowledge class

“We examined his claims carefully and found no safety deficiencies. Our data is clean and stable for users and companies. There is no proof of the different text files in the study. All will generate such text files to annoy an enterprise. Finally, our legal staff will take stern measures against this so-called scholar, who tries to dismiss our image as a company for more reasons.” By MobiKwik on Twitter.

Did the researcher take any steps? No! Nothing was said by MobiKwik. Has it tried over the past three weeks to solve the problem? We only came across it when the information became available through the search engine. Interestingly, the leaked data was erased from the website by the hackers within a day of media coverage of the leak, with the claim that all data had been cleared from their servers and users are now safe. The firm has declined to assume any liability, which leaves consumers helpless. The only thing they can do right now is change their bank account passwords, set up two-factor authentication, and wait for the storm to pass.

Is MobiKwik alone to blame?

MobiKwik alone is not to blame. It is systemic flaws that allow Indian technology companies to get past such lapses without any consequences. In the past, platforms have failed to take responsibility for a vulnerability or error in their apps that could lead to data leaks. There have been similar incidents before.

There is no way to verify whether or not the leaked data has actually been deleted.

The same is not true of American businesses, and the lack of data legislation in India is one of the factors behind the difference.

The nation also has no effective process for consumer data security and criminal proceedings. The Personal Data Protection Bill has been pending in the Lok Sabha since 2019. It must stand strong and advance to provide high data protection, but until the bill is passed there are insufficient protections to keep user data secure.
