India’s popular mobile payment service MobiKwik has become the talk of the town after 8.2 TB of sensitive user data was leaked on the dark web. The leak followed a data breach the company experienced earlier this month.
The data that appeared on the dark web includes users’ names, hashed passwords, email and residential addresses, GPS locations, lists of installed apps, and credit card numbers.
MobiKwik is a Gurugram-based company that allows users to make online transactions from its mobile app. To make this possible, it provides users with a mobile-based payment system and a digital wallet.
The company started its services back in 2009. Since 2016, it has offered a small number of loans to users, for which KYC requirements had to be in place. This means that the company recorded users’ PII, scanned passports, ID documents, and other sensitive information. The company has 120 million users and about three million retailers across the country.
The leak also made a shocking revelation about the company. MobiKwik doesn’t delete users’ credit card information even after they have removed it. By doing so, MobiKwik also violates the regulations of the government and the Reserve Bank of India. The new regulations are coming into effect from July 2021. E-commerce websites, online merchants, and online payment services can’t store customers’ credit card details in India.
A security researcher exposed the data breach on social media with some valid claims. MobiKwik denied all of the security researcher’s allegations about the data breach that leaked millions of users’ data on the dark web.
The company denied the leak on March 4th, but other researchers also looked into the matter as time passed. On March 29th, Elliot Anderson confirmed the leak on Twitter and described it as the largest KYC leak in history.
The company said that the leaked documents were presented with hidden motives, mainly to harm its reputation. It is confident it will take strict action against all those who made false allegations against it.
In a statement on Twitter, the company said:
Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization and media members. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.
If you are a MobiKwik user, we can only suggest that you block your credit card.