MobiKwik data leak: What we know so far

In what is being touted as one of the biggest data breaches in history, sensitive information of nearly 10 crore users of MobiKwik was reported to have been leaked online. Following a denial from the company, the hacker who claimed to have access to the user data has said that he has voluntarily deleted it.This is a welcome development, given that the hacker -- who goes by the name ninja_storm -- had earlier offered to sell 8.2TB of compromised user data. The hacker claimed that the data contained “email, phone number, passwords, addresses, other apps installed, phone manufacturer’s names, IP addresses, GPS location, etc”, among other details.Here’s a look at the timeline of the MobiKwik KYC data breach24 February, 2021: The hacker announced on a platform known as Raid Forum that he had access to the data of one of the “top 3 financial services companies from India - 7 TB”. While the hacker did not name the company, he said he was looking to interact with “serious buyers” interested in the data.To satisfy viewers who asked for proof of this data, the hacker created a Discord server and invited people to have a look for themselves. A day later, however, the hacker said that access to the data was lost while transporting it to other servers.26 February, 2021Soon, internet security researcher Rajshekhar Rajaharia took to Twitter to announce the discovery of this data breach. Tagging the Reserve Bank of India, he said that personal details and Know- Your- Customer data such as PAN, Aadhaar numbers of 11 crore Indians had been leaked from a company's server in India. He did not name the organization suffering the alleged data breach.Demanding an investigation, he said that the hacker had claimed to have had access to the company's server since January 2021.https://twitter.com/rajaharia/status/136532494363056128127 February, 2021A day later, Rajshekhar Rajaharia tagged MobiKwik in the same tweet thread and demanded answers from them.https://twitter.com/rajaharia/status/13656009634787123204 March, 2021Nearly a week later, MobiKwik responded to the allegations and denied them completely. MobiKwik claimed that the allegations were actions of “a media-crazed so-called security researcher”, the company threatened to initiate legal action against the researcher.https://twitter.com/rajaharia/status/1367438237921243142https://twitter.com/MobiKwik/status/13674893309026754636 March, 2021Following this, the hacker announced on Raid Forum that the compromised data was indeed from Mobikwik.27 March, 2021The hacker then said the data had been recovered and was up for grabs for 1.5 Bitcoin, which would be close to Rs 65 lakh.29 March, 2021The hacker then said he would delete the entire data set if Mobikwik admitted to the data breach. On the same day, ethical hacker Elliot Alderson tweeted to confirm the Mobikwik data breach. Users too began to confirm that their data was now up on the darkweb.https://twitter.com/fs0c131y/status/1376497667908452353https://www.moneycontrol.com/news/technology/mobikwik-data-hack-heres-how-to-check-if-your-data-is-safe-6708891.html30 March, 2021MobiKwik stuck to its guns and maintained that there was no data breach at all. Though the company categorically denied that the data available on the darkweb was from MobiKwik, it said that it would get a third party to conduct a forensic data security audit “considering the seriousness of the allegations, and by way of abundant caution”.https://twitter.com/BipinSingh/status/1376833273586941952In a quick turn of events, the hacker said that he had deleted the entire data and that all user data was now secure with Mobikwik. The hacker added that he hoped lessons were learnt from the incident.

Home

Live TV

CNBC-TV18 Specials

Sections

Terms and Conditions

MobiKwik data leak: What we know so far

By CNBCTV18.COMApr 1, 2021 1:49:05 PM IST (Published)

Following a denial from the company, the hacker who claimed to have access to the user data has said that he has voluntarily deleted it.

Live Tv

Market Movers

Live TV

CNBC-TV18 Specials

Sections

Terms and Conditions

MobiKwik data leak: What we know so far

By CNBCTV18.COMApr 1, 2021 1:49:05 PM IST (Published)

Following a denial from the company, the hacker who claimed to have access to the user data has said that he has voluntarily deleted it.

Live Tv

Most Read

Market Movers