MobiKwik Data Leak Incident
MobiKwik is one of the well-known names in the Indian payments sector, which has been a part of the financial technology revolution that rose after demonetization in 2016. While it’s lagging behind the top players like GPay, Phonepe, and Paytm, it’s having a significant user base to serve. Now, the company is being alleged by a security researcher named Rajasekhar Rajaharia, who on Twitter claims that about 11 crores of Indian card data were leaked from MobiKwik’s server! He further states that a hacker had access to this alleged leaking server for over a month, which contained the customer’s sensitive data.
— Rajshekhar Rajaharia (@rajaharia) March 4, 2021 Last week, he shared several images of this leak, claiming that “personal details & KYC soft copy (PAN, Aadhar, etc) allegedly leaked from a company’s Server in India,” later pointing out to MobiKwik. Screenshots shared by him from the alleged hacker don’t have MobiKwik’s name mentioned in it but says one of the top three Indian firms. Also, images shared by him claiming to be the data leaked from MobiKwik’s server aren’t authenticated but had details like hashed card data and related transaction IDs. MobiKwik, on the other hand, has cleared the air by denying these allegations straightway. It said to have “thoroughly investigated…allegations and did not find any security lapses.” Assuring that both the user and company’s data is safe, MobiKwik said it would take legal action against Rajaharia for alleging without proper evidence. While this being an allegation, MobiKwik has already suffered a data breach in 2010 and disclosed it officially. Zee5, which was also been in the news last week, had faced a similar data breach incident last year.