Earlier a researcher had claimed in his report that a link circulating on the dark web has leaked user data of about 8.2 terabyte (8,200GB) size of payments app MobiKwik. Gadgets 360 first became aware of this data breach in February. The data which was with some hackers group till some time ago, that data is now available on the search engine. The leaked data includes KYC details of users including their address, phone number, Aadhar card details etc. In this, data of 3.5 million i.e. about 35 lakh users is being told.
A security researcher Rajasekhar Rajaharia (@rajaharia) reported on MobiKwik’s data leak in February. share But the company denied this claim. Rajasekhar also shared screenshots of conversations with MobiKwik shared were.
On Monday, well-known French hacker Robert Baptiste (Elliot Alderson on Twitter) also tweeted about this data leak and called it “the biggest KYC data leak in history”. He shared a screenshot of the leaked data “Congrats”. Mobikwik…” wrote. However, due to Twitter’s policy, he delete tweet gave. He also gave information about the search engine that was created by hackers on the dark web and included information of some users.
Several users have posted on social media that they were able to find their information through this search engine.
The MobiKwik leak is real. Here is what the dump had for me. One of those credit cards was valid until a couple weeks ago, and I don’t recall authorising MobiKwik to save it. Companies that lie like ???? ought to be taken to the cleaners. https://t.co/sptyC1Jz8f pic.twitter.com/c4Uu25OviP
— Kiran Jonnalagadda (@jackerhack) March 29, 2021
Some of my data is there. In fact even the accurate date for the creation of my mobikwik account, in 2013, is there.
Thankfully, it’s an old expired card mentioned, because I only used mobikwik that one time.
Some, if not all, user data has leaked Bipin. https://t.co/6V2KZrY4ra
— Nikhil Pahwa (@nixxin) March 30, 2021
However, Gadgets 360 was not able to independently verify whether the information available was related to the alleged MobiKwik data breach.