Private data of 3.5 million MobiKwik users reportedly up for sale, company denies claim

A database containing private information of 3.5 million users has reportedly appeared for sale on the dark web, including 3.6 crore files after a breach at payments startup Mobikwik

By: HT TECH
| Updated on: Aug 21 2022, 16:00 IST
The breached data reportedly contains 36,099,759 files that comprise 8.2 terabytes of data which is being offered for sale at 1.5 bitcoins (or $84,000). Representational image. 
The breached data reportedly contains 36,099,759 files that comprise 8.2 terabytes of data which is being offered for sale at 1.5 bitcoins (or $84,000). Representational image.  (Pixabay)

A database containing private information of 3.5 million users has reportedly appeared for sale on the dark web after a breach at payments startup Mobikwik according to a report by Moneycontrol.

The appearance of the portal and information about the breach was first reported by TechNadu, which cited the work of an independent researcher Rajshekhar Rajaharia. French ethical hacker and security researcher Robert Baptiste, who goes by the name Elliot Alderson, also tweeted about the alleged data breach this afternoon.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage
Also read
Looking for a smartphone? To check mobile finder click here.
A French ethical hacker also tweeted about the incident earlier today.  
A French ethical hacker also tweeted about the incident earlier today.   (Elliot Alderson/Robert Baptiste)
image caption
A French ethical hacker also tweeted about the incident earlier today.   (Elliot Alderson/Robert Baptiste)

The breached data reportedly contains 36,099,759 files that comprise 8.2 terabytes of data. This is being offered for sale at 1.5 bitcoins (or $84,000) according to TechNadu. The data uploader has promised the dark web portal will then be taken offline, keeping everything exclusive to the buyer. 

According to Moneycontrol, the data includes details of users email addresses, phone numbers, hashed passwords, plus bank account and card details. Here is the list of documents available on the dark web, according to TechNadu

1) Total 350GB MySQL dumps – > 500 databases

2) 99 million – mail, phone, passwords, addresses, lots more data, apps installed, phone manufacturer, IP address, GPS location.

3) 40 million – 10 digit card, month, year, card hash (sha256).

4) ~7.5 TB of ~3 million Merchant KYC data – passports, Aadhar cards, pan cards, selfie, store picture proof, etc., used to get loans on the site

A tweet by independent researcher Rajshekhar Rajaharia from earlier this month.
A tweet by independent researcher Rajshekhar Rajaharia from earlier this month. (Rajshekhar Rajaharia/Twitter)
image caption
A tweet by independent researcher Rajshekhar Rajaharia from earlier this month. (Rajshekhar Rajaharia/Twitter)

We reached out to Mobikwik for comment, and the company denied the claims made by the researcher. "Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure," a MobiKwik spokesperson told us on Monday evening.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 29 Mar, 20:16 IST
Tags:
NEXT ARTICLE BEGINS