Mobikwik, digital financial services platform from Indian belonging, denies the fact that over 8 TB of their data in their database on their server have been stolen.
Last month, Rajshekhar Rajaharia, cyber-security researcher shared with a tweet what he found, according to which, a threat actor has been selling a database containing sensitive information stolen from Mobikwik after a hack leading to gaining access to the company’s server, since January 2021.
That time the privately held fintech platform has a reply that all this was the Rajaharia’s aiming to “grab media attention.” The company also said, “Users and company data is completely safe and secure” since an investigation “did not find any security lapses.”
MobiKwik added, its “legal team will be pursuing strict action against this so-called researcher who is trying to malign our brand reputation for ulterior motives.”
The alleged stolen data contain all personal and financial information including addresses, phone numbers, emails and hashed passwords of over 100 million individuals, their bank accounts and card information of about 40 million users. The database also contains roughly 3.5 million Indian’s KYC data.
The threat actors provided a search portal for the users to search if their data included in the list of stolen data. However, this portal has been removed because of the increase amount of traffic.
On today, the company once again denies that the data breach has occurred to their server. According to the company, the users who search for their data on the search portal provided by the threat actor might have uploaded their data themselves to the dark web.
Mobikwik said, “Some users have reported that their data is visible on the darkweb. While we are investigating this, it is entirely possible that any user could have uploaded her/ his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source.”
“The company is closely working with requisite authorities, and is confident that security protocols to store sensitive data are robust and have not been breached. Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit, MobiKwik added.
The company re insured the customers that their accounts are safe and their financial information is stored in encrypted form.
