MobiKwik Biggest Data Breach: Here is What Happened
In history, one of the biggest data breaches has happened with MobiKwik users. Over 10crore MobiKwik users’ data has been kept on sale on the Dark web at a price of 1.5 Bitcoin i.e, around Rs. 65 Lakh. In a month, MobiKwik has denied the reports of the largest data breach for the second time.
Full Details of MobiKwik Data Leak
However, in a post, a hacker claimed that he has deleted the data backups of over 10 crore users. A hacker named “ninja_storm”– has put up 8.2TB of data of the users for sale.
The most shocking thing here is that the hacker has got access to the personal data of users for over a month. According to the reports, the data was hacked around January 21, 2021. The data that is hacked includes email, Phone number, password, address, apps installed on the phone, IP address, GPS location, etc.
Among the users, the database also has bank details of 4 crore users, and KYC data of 30 lakh users includes, Passports, Aadhar cards, Pan cards, picture proof, and more.
Here is the chain of the largest data breach of 10 crore users.
On 8th February 2021, the hacker named “ninja_storm” joined Raid Forum. On 24th February, the hacker posted the data breach.
25th February, the hacker says that he has lost access to his servers while transporting the data.
On 26th February, a cybersecurity researcher Rajaharia posted a tweet about the data leak for the first time. He posted a tweet but did not link any data, but he pinned to MobiKwik. As he guessed that the leaked data belongs to MobiKwik. But, on 4th March, MobiKwik released a statement and denied about data leak of their users.
However, later, after two days, the hacker confirmed that the data belongs to MobiKwik only. Then after a long break on 27th March, the hacker posted a message on Raid Forum and said that he has recovered all the data and has kept it up for sale on the Dark web at a price of 1.5 Bitcoin. A month ago, the hacker said he has lost the data while transporting the server. Then few of the users asked MobiKwik about the data breach on Twitter.
The payment app company continued to deny the data leak of their users and posted a tweet.
A note to our users. pic.twitter.com/J3WRM0Ko8v
— Bipin Preet Singh (@BipinSingh) March 30, 2021
MobiKwik app was founded in 2009 by Bipin Preet Sing and Upasana Taku. Apart from offering digital wallet service it also offers credit and insurance to its customers.