A hacker group calling itself Jordandaven has claimed to have breached Mobikwik's firewall and leaked data, including mobile phone numbers, bank account details, email addresses, and credit card numbers, of 9.9 crore Indian Mobikwik users. The digital payments company has strongly denied this claim.
Jordandaven shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.
Jordandaven emailed PTI a link to the database and stated that they have no intention of using or selling the data, except to get money from Mobikwik and then delete it from their end.
Cybersecurity analyst Rajashekhar Rajaharia disclosed the breach and said that he had also written to the Reserve Bank of India, the Indian Computer Emergency Response Team, PCI Standards, and payment technology firms, among others. He said that all Mobikwik users must immediately change the passwords of their bank accounts, credit cards, etc., to keep their money safe.
When contacted, Mobikwik officially denied the hacking claim.
The company’s spokesperson said that as a regulated entity, “The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure the security of its platform. As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach.”
The hackers maintained that the database belongs to Mobikwik and uploaded several pictures of Mobikwik QR codes along with documents used for ‘Know Your Customer’ compliance, mainly Aadhaar and PAN cards.
Mobikwik said that it is working closely with the requisite authorities on this matter and, considering the seriousness of the allegations, will get a third party to conduct a forensic data security audit.
“For its users, the company reiterates that all MobiKwik accounts and balances are completely safe,” the company spokesperson said.
Rajaharia said that government authorities should thoroughly investigate the data leak immediately as it has wider ramifications that can potentially lead to several financial frauds.
“Full 16-digit card numbers might be unmasked because their encryption algorithm is public now. This massive data breach might be a threat for other banks and wallets, because these days each and every data set is connected to each other,” Rajaharia said.