3.5 Mn Data Of Mobikwik Users Allegedly Leak; Company To Conduct Forensic Data Security Audit By Third Party
Grow Your Business, Not Your Inbox
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Gurugram-based fintech firm Mobikwik faced fresh trouble due to an alleged data leak which included information such as know-you-customer (KYC) details, addresses, phone numbers, Aadhaar card data and were found on the dark web. However, the company has sternly denied such data leak and said that its users’ data are safe.
According to reports, data of close to 3.5 million Indian users were exposed. The incident first came to light when an independent cybersecurity researcher Rajshekhar Rajaharia last month said that the leak involves 11 crore Indian cardholders’ data, which were allegedly leaked from a Mobikwik server. Back then, the company has denied of such claims. However, on Monday a link from the dark web was reportedly spotted online. Users had claimed seeing their personal details on the dark web.
Several users also posted screenshots of the Mobiwik users' data that was up for sale on the dark web.
Popular French ethical hacker who goes with the pseudonym of Elliot Anderson also backed Rajaharia and posted a screenshot of the data leak on Twitter with caption: “Probably the largest KYC data leak in history.”
Several twitter users confirmed that their data which were provided to Mobikwik were available online.
Upon reaching out to the company, a Mobikwik spokesperson said, “As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure security of its platform. As soon this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach. The company is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit. For its users, the company reiterates that all MobiKwik accounts and balances are completely safe.”
Bipin Preet Singh, chief executive officer and founder of Mobikwik in a statement referring to some of users data available on dark web said that it is entirely possible that any user could have uploaded her/his information on multiple platforms. “Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from Mobikwik or any identified source.”
A note to our users. pic.twitter.com/J3WRM0Ko8v— Bipin Preet Singh (@BipinSingh) March 30, 2021
However, he said that the company will get a third party to conduct a forensic data security audit. The incident comes at a time when the company is targeting to go public.