Home / Tech / News / Private data of 3.5 million MobiKwik users reportedly up for sale, company denies claim

Private data of 3.5 million MobiKwik users reportedly up for sale, company denies claim

The breached data reportedly contains 36,099,759 files that comprise 8.2 terabytes of data which is being offered for sale at 1.5 bitcoins (or $84,000). Representational image. 
The breached data reportedly contains 36,099,759 files that comprise 8.2 terabytes of data which is being offered for sale at 1.5 bitcoins (or $84,000). Representational image.  (Pixabay)

A database containing private information of 3.5 million users has reportedly appeared for sale on the dark web, including 3.6 crore files after a breach at payments startup Mobikwik

A database containing private information of 3.5 million users has reportedly appeared for sale on the dark web after a breach at payments startup Mobikwik according to a report by Moneycontrol.

The appearance of the portal and information about the breach was first reported by TechNadu, which cited the work of an independent researcher Rajshekhar Rajaharia. French ethical hacker and security researcher Robert Baptiste, who goes by the name Elliot Alderson, also tweeted about the alleged data breach this afternoon.

A French ethical hacker also tweeted about the incident earlier today.  
A French ethical hacker also tweeted about the incident earlier today.   (Elliot Alderson/Robert Baptiste)

The breached data reportedly contains 36,099,759 files that comprise 8.2 terabytes of data. This is being offered for sale at 1.5 bitcoins (or $84,000) according to TechNadu. The data uploader has promised the dark web portal will then be taken offline, keeping everything exclusive to the buyer. 

According to Moneycontrol, the data includes details of users email addresses, phone numbers, hashed passwords, plus bank account and card details. Here is the list of documents available on the dark web, according to TechNadu

1) Total 350GB MySQL dumps – > 500 databases

2) 99 million – mail, phone, passwords, addresses, lots more data, apps installed, phone manufacturer, IP address, GPS location.

3) 40 million – 10 digit card, month, year, card hash (sha256).

4) ~7.5 TB of ~3 million Merchant KYC data – passports, Aadhar cards, pan cards, selfie, store picture proof, etc., used to get loans on the site

A tweet by independent researcher Rajshekhar Rajaharia from earlier this month.
A tweet by independent researcher Rajshekhar Rajaharia from earlier this month. (Rajshekhar Rajaharia/Twitter)

We reached out to Mobikwik for comment, and the company denied the claims made by the researcher. "Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure," a MobiKwik spokesperson told us on Monday evening.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.