If Mobikwik's data breach teaches us anything its that the internet is vulnerable, especially if not protected properly. According to IBM's X-Force threat intelligence, India accounted for nearly seven percent of all cyber attacks observed during 2020 in the Asia pacific region.
Though Mobikwik has so far denied it, users who have tested the breach link for themselves have confirmed that the breach is indeed real and personal information like card numbers, bank account details, PAN number, Aadhar and a lot more have leaked online.
Despite the evidence presented by the people, Mobikwik has still stuck to its claim that no data breach has occurred on its servers. Whatever the case may be its always prudent to know what to do in case your data has been leaked online. Here are some tips that could potentially tell you if your data is for sale somewhere on the interwebs.
The steps you need to be aware of in case of a data leak
The first thing to do is to determine whether your information has been leaked online or not. There are a few ways to do this. The easiest is to visit haveibeenpwned, it is a large database of known data breaches and information that was leaked in those breaches, all organised by email.
Simply let the site load and then type in your email id. If your email id was part of any known breach, it will show up as a list on the results page. The site will also tell you what the vector of the attack was and how much of your information was leaked.
The next step is to determine what type of information was leaked. If your email address and password were leaked like in the case of the 2017 Zomato hack, then you need to change your password on the affected service and your email account. You should also strongly consider two-factor authentication which adds an additional step when you log in and asks for a verification sent typically via SMS or on email.
If the leak revealed your bank account details or card information, then you immediately need to block your cards and change your internet banking password. You will also need to monitor activity on your account closely and check previous bank statements for transactions you do not recognise.
As an additional step, you can also check what the exact data breach file name is that your information is a part of. Head over to Cybernews’ personal data leak check and input your email id. The tool will then tell you exactly what file your information is part of - for example breachcomp2.0.
A leaked name on its own might not amount to much but combine that with a date of birth and you have a very sought-after combination since your date of birth will always stay the same across multiple services that you use. This is a goldmine for identify thieves.
You should also be wary of any KYC leaks like Aadhar or PAN information. Speaking of which, if you are a Mobikwik user, you might want to read this
. If your KYC data is part of the hack, then you need to inform the authorities immediately, since that data may be used in other nefarious activities.