Despite Mobikwik Denial, Data Of 100 Mn Users Exposed In Massive Leak


SUMMARY

The database contains detailed records of 11 Cr users with a whopping 8.2 TB of data

The dump is also said to have 7.5 TB of merchant KYC data pertaining to 3.5 Mn such Mobikwik customers

The seller of the data claims that the merchant entries can be used to raise loans by posing as the merchant

Fintech startup Mobikwik denied claims about a data breach impacting 100 Mn users, in what many are calling the biggest data leak from an Indian tech company. The leaked data is said to impact Mobikwik’s individual customers as well as the merchants that have procured loans from the company.

First spotted by independent cybersecurity researcher Rajshekhar Rajaharia earlier this month, the database contains user records for 11 Cr Mobikwik users with a whopping 8.2 TB of data. According to Technadu, which first reported the data leak, the seller of the database has set up a dark web portal where one can search by phone number or email ID. While this may be useful for attackers to initiate targeted attacks, the database can also be purchased for 1.5 Bitcoin (or roughly $85K).

The data dump is said to contain 350 GB of MySQL dumps or 500 databases; 99 Mn emails, phone numbers, passwords, physical addresses, IP addresses, GPS locations and device-related data; as well as 40 Mn records of card numbers, expiry dates and card hashes (SHA256 encrypted).

Besides this, the data dump also has 7.5 TB of merchant KYC data pertaining to 3.5 Mn merchants. This includes passports, Aadhaar cards, PAN cards, selfies, other photograph proof and more, essentially information that Mobikwik used to furnish loans to these customers. Further, the seller of the data claims that the merchant entries can be used to raise loans by posing as the merchant.

Mobikwik was founded in 2009 by Bipin Preet Singh and Upasana Taku. It started its journey as a digital wallet, but has transformed into a horizontal fintech platform that offers multiple financial services on its platform, including credit, insurance and gold loans. In terms of funding, Mobikwik has raised close to INR 223 Cr ($29.56 Mn) to date from investors like Sequoia Capital, American Express, Bajaj Finserv and others.

“Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.” – Mobikwik statement on the data leak.

Further, on Twitter, the company said it would pursue legal action against Rajaharia over the claims in his tweet. “The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company,” the fintech company said.


But the company has not elaborated on how specifics such as Mobikwik QR codes and other Mobikwik branded devices are present in the leaked data. It is important to note that Mobikwik is looking to go for an IPO later this year and as such any data leak could severely impact its plans in that regard.

Besides Rajaharia, other researchers, including French national Robert Baptiste, who goes by Elliot Alderson on Twitter, also claimed to have seen the data dump on the dark web. A group of researchers who go by the name XploitWizer on Twitter showed how easy it is to search for entries on the portal. You can watch the video here.

Besides such researchers and engineers, several Mobikwik users have also claimed that their data is present in the leaked database.
