Less than a week after Zee5 had its customers’ data leaked, MobiKwik, one of India’s top fintech platforms seems to have the same fate now. A security researcher has shared some images of data claiming to be from MobiKwik’s servers, which has been leaked by a hacker. While the data remains unverified, MobiKwik has straightway denied the allegations.
MobiKwik Data Leak Incident
MobiKwik is one of the well-known names in the Indian payments sector, which has been a part of the financial technology revolution that rose after demonetization in 2016. While it’s lagging behind the top players like GPay, Phonepe, and Paytm, it’s having a significant user base to serve.
Now, the company is being alleged by a security researcher named Rajasekhar Rajaharia, who on Twitter claims that about 11 crores of Indian card data were leaked from MobiKwik’s server! He further states that a hacker had access to this alleged leaking server for over a month, which contained the customer’s sensitive data.
11 Crore Indian CardHolders data alleged leaked from @MobiKwik Server, Hacker claimed. It Seems hacker still have their data. Backup was alleged taken on 20Jan 2021. He claim to have mobikwik access since last 30 days. @RBI @IndianCERT Please look into this matter.#InfoSec #GDPR pic.twitter.com/tBS3U6Oqhw
— Rajshekhar Rajaharia (@rajaharia) March 4, 2021
Last week, he shared several images of this leak, claiming that “personal details & KYC soft copy (PAN, Aadhar, etc) allegedly leaked from a company’s Server in India,” later pointing out to MobiKwik. Screenshots shared by him from the alleged hacker don’t have MobiKwik’s name mentioned in it but says one of the top three Indian firms.
Also, images shared by him claiming to be the data leaked from MobiKwik’s server aren’t authenticated but had details like hashed card data and related transaction IDs. MobiKwik, on the other hand, has cleared the air by denying these allegations straightway. It said to have “thoroughly investigated…allegations and did not find any security lapses.”
Assuring that both the user and company’s data is safe, MobiKwik said it would take legal action against Rajaharia for alleging without proper evidence. While this being an allegation, MobiKwik has already suffered a data breach in 2010 and disclosed it officially. Zee5, which was also been in the news last week, had faced a similar data breach incident last year.