A huge database containing sensitive details of 3.5 million users of MobiKwik, a Gurugram-based payments startup, appeared for sale online on a hacker forum on March 29.
The massive breach reportedly includes 36,099,759 files. Apart from this, the 8.2 TB data comprises 99,224,559 user phone numbers, email, hashed passwords, addresses, bank accounts and card details.
Mobikwik plans IPO before September 2021 to raise $200-250 million
The hacker has even set up a dark web portal where one can search by phone number or email ID and get the specific results, reported TechNadu, quoting independent researcher Rajshekhar Rajaharia.
However, MobiKwik has denied the breach. "Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure," the firm told Moneycontrol.
Among the most vital information, a prospective buyer can get the entire database by paying 1.5 BTC ($84k) and take the dark web portal offline.
The pack also includes data comprising:
1) Total 350GB MySQL dumps: 500 databases.
2) 99 million data -- mail, phone, passwords, addresses, etc.
3) 40 million -- 10 digit card, month, year, card hash, etc.
4) Company data.
5) Over 7.5 TB of 3 million Merchant KYC data, including passports, Aadhar cards, pan cards etc.