-->

MobiKwik Data Breach- 8.2 TB of MobiKwik User Data Allegedly Hacked, company denies claim

MobiKwik KYC Data Breach

MobiKwik Data Breach

MobiKwik, A Digital wallet company based in India has suffered a huge data breach which was exposed 99 Million Indian users details of a total of 8.2 TB and contains 36,099,759 files which include Email IDs, Phone Numbers, Aadhar Card, Pan Card, Debit/Credit Card, other KYC documents have been kept on sale on Dark Web by some Anonymous hacker which is being offered for sale at 1.5 bitcoins (or $84,000).

Largest KYC Data Leak In History

The MobiKwik data breach was first reported by TechNadu, which cited the work of an independent security researcher Rajshekhar Rajaharia was claimed that a massive database of above 36 Lakh users of MobiKwik appeared for sale on a popular hacker forum. French researcher Robert Baptiste, who goes by the name Elliot Alderson on Twitter, said that it's probably the "Largest KYC Data Leak in History" However, the company MobiKwik denied the breach ahead of IPO and said that they didn't find any security lapses.
MobiKwik KYC Data Breach Proof
Screenshot from a popular hacker forum


According to Moneycontrol the breached data includes details of user's email addresses, phone numbers, hashed passwords, plus bank account and card details.

According to TechNadu, Here is the list of documents available on the dark web:
  1. Total 350GB MySQL dumps – > 500 databases
  2. 99 million – mail, phone, passwords, addresses, lots more data, apps installed, ph manf., IP address, GPS location
  3. 40 million – 10 digit card, month, year, card hash (sha256)
  4. lots of databases with all company data
  5. ~7.5 TB of ~3 million Merchant KYC data – passports, Aadhar cards, pan cards, selfie, store picture proof, etc., used to get loans on the site
According to the company,
"Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,"
MobiKwik stated to Moneycontrol while denying the breach.