Moneycontrol PRO
you are here: HomeNewsBusiness

Independent researcher says biggest-ever data breach at Mobikwik; company denies claim

The massive breach reportedly includes 36,099,759 files.

March 29, 2021 / 05:54 PM IST
Cybersecurity | Representative image.

Cybersecurity | Representative image.

A huge database containing sensitive details of 3.5 million users of MobiKwik, a Gurugram-based payments startup, appeared for sale online on a hacker forum on March 29.

The massive breach reportedly includes 36,099,759 files. Apart from this, the 8.2 TB data comprises 99,224,559 user phone numbers, email, hashed passwords, addresses, bank accounts and card details.

Mobikwik plans IPO before September 2021 to raise $200-250 million

The hacker has even set up a dark web portal where one can search by phone number or email ID and get the specific results, reported TechNadu, quoting independent researcher Rajshekhar Rajaharia.

However, MobiKwik has denied the breach. "Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure," the firm told Moneycontrol.

Among the most vital information, a prospective buyer can get the entire database by paying 1.5 BTC ($84k) and take the dark web portal offline.

The pack also includes data comprising:

1) Total 350GB MySQL dumps: 500 databases.
2) 99 million data -- mail, phone, passwords, addresses, etc.
3) 40 million -- 10 digit card, month, year, card hash, etc.
4) Company data.
5) Over 7.5 TB of 3 million Merchant KYC data, including passports, Aadhar cards, pan cards etc.

Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Moneycontrol News
first published: Mar 29, 2021 05:49 pm