Hacker claims stealing 8.2TB of MobiKwik data; leaks some online

Hacker claims stealing 8.2TB of MobiKwik data; leaks some online

MobiKwik has denied the breach and accused the security researcher who initially reported the incident as “a media-crazed so-called security researcher” who is “desperately trying to grab media attention.” 


Fintech platform MobiKwik is being criticized for hiding a data breach that exposed nearly 8.2TB of data, including sensitive records such as KYC details, phone numbers, addresses, and Adhaar card data.


The leak was first reported in February 2021 by security researcher Rajeshkhar Rajaharia. However, the company denied the news at the time, and it still hasn’t accepted that the breach has occurred.


In fact, in a tweet, the company publically insulted the researcher by calling him “a media-crazed so-called security researcher” who is “desperately trying to grab media attention.” 


Details of the Hack


According to the tweet posted by Rajaharia on February 26, card data of approx. 11 crore cardholder Indians was leaked by an Indian company’s server. The tweet read:



“11 crore (11 million) Indian cardholders’ card data, including personal details and KYC soft copy (PAN, Aadhar, etc) allegedly leaked from a company’s server in India. 6 TB of KYC data and 350 GB of compressed MySQL dump”.


The researcher later identified the firm as MobiKwik which brands itself as “a Truly Indian Payments App.” He further alleged that the company removed an old post about another data breach that occurred in 2010. However, MobiKwik stated that it is still up and wasn’t removed.


French hacker Robert Baptiste, who uses the pseudonym Elliot Alderson on Twitter, reported the hack on Monday. In his tweet, Baptiste noted that it could be the largest KYC data breach.


..

Support the originator by clicking the read the rest link below.