Less than a week after Zee5 had its customersโ data leaked, MobiKwik, one of Indiaโs top fintech platforms seems to have the same fate now. A security researcher has shared some images of data claiming to be from MobiKwikโs servers, which has been leaked by a hacker. While the data remains unverified, MobiKwik has straightway denied the allegations.
MobiKwik Data Leak Incident
MobiKwik is one of the well-known names in the Indian payments sector, which has been a part of the financial technology revolution that rose after demonetization in 2016. While itโs lagging behind the top players like GPay, Phonepe, and Paytm, itโs having a significant user base to serve.
Now, the company is being alleged by a security researcher named Rajasekhar Rajaharia, who on Twitter claims that about 11 crores of Indian card data were leaked from MobiKwikโs server! He further states that a hacker had access to this alleged leaking server for over a month, which contained the customerโs sensitive data.
11 Crore Indian CardHolders data alleged leaked from @MobiKwik Server, Hacker claimed. It Seems hacker still have their data. Backup was alleged taken on 20Jan 2021. He claim to have mobikwik access since last 30 days. @RBI @IndianCERT Please look into this matter.#InfoSec #GDPR pic.twitter.com/tBS3U6Oqhw
— Rajshekhar Rajaharia (@rajaharia) March 4, 2021
Last week, he shared several images of this leak, claiming that โpersonal details & KYC soft copy (PAN, Aadhar, etc) allegedly leaked from a companyโs Server in India,โ later pointing out to MobiKwik. Screenshots shared by him from the alleged hacker donโt have MobiKwikโs name mentioned in it but says one of the top three Indian firms.
Also, images shared by him claiming to be the data leaked from MobiKwikโs server arenโt authenticated but had details like hashed card data and related transaction IDs. MobiKwik, on the other hand, has cleared the air by denying these allegations straightway. It said to have โthoroughly investigatedโฆallegations and did not find any security lapses.โ
Assuring that both the user and companyโs data is safe, MobiKwik said it would take legal action against Rajaharia for alleging without proper evidence. While this being an allegation, MobiKwik has already suffered a data breach in 2010 and disclosed it officially. Zee5, which was also been in the news last week, had faced a similar data breach incident last year.ย