In February, Internet Security Researcher Rajshekhar Rajaharia tweeted that KYC Data of nearly 11 crore Indians was leaked on to the dark web. This is apparently an 8TB treasure trove of PAN numbers, Aadhar information, credit card information and bank details. The hacker has claimed that he had access to the company’s server since January 2021.
The source of this hack is UPI payments and wallet app Mobikwik, which has so far denied the breach stating that, “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data are completely safe and secure.”
Okay. So, has my data been hacked or not?
Even in the face of Mobikwik's vehement denials, the evidence has mounted strongly against the company. Besides Rajaharia’s damning series of tweets, several other prominent security researchers have also tweeted against the company including ethical hacker Elliot Alderson.
This is not the first time Mobikwik has been hacked either. As per a blog post
by the company in 2010, someone gained access to the company’s ‘IT systems. Rajaharia claims to have also reported a bug on March 1st
which Mobikwik denied at first and then apparently fixed within the next one hour.
A lot of users have also checked and confirmed that the hack is indeed real with many Twitter users claiming that a lot of their data like Card information and personal details are part of the breach file.
Uh-oh. So how do I check if my data is hacked or not?
To those of you sweating bullets right now trying to figure out if your data was compromised or not, here is what you need to do to check. The first thing we recommend doing before anything else is to download the Tor browser, you can do so by visiting the link here.
Tor is a free and open-source web browser that helps you anonymously browse the web using a volunteer relay network. This makes it more difficult for people to snoop around on you while you browse.
Next you need to open this link.
This is the entire database of the breach that is now online. Disturbingly it also has pictures as proof of Random KYCs in the database. Search for your information using your phone number or email id. If nothing shows up, you are safe and you can breathe a sigh of relief.
If something does show up, immediately contact your bank, and block your cards now. Change your netbanking password and if possible, just change the email id that has been linked to your bank details. This will mean you will have to jump through a few hoops like creating a new mail account or completing some formalities with your bank but that is 100 percent worth it and will give you some peace of mind. As to what can be done with the data, your guess is as good as mine. Once something is on the internet, it never really leaves.