Cybersecurity researchers have claimed that a database containing KYC details of nearly 3.5 million MobiKwik users is available for sale on the Dark Web.
ALSO READ | 10 WhatsApp Mistakes You Need To Stop Right Away
Independent cybersecurity researcher Rajshekhar Rajaharia had tweeted in February that data of “11 Crore Indian Cardholder Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company’s Server in India. 6 TB KYC Data and 350GB compressed mysql dump”.
“Hacker claiming that he was having access in company’s server since Jan 2021 to till today,” he added in the tweet thread.
Restoking the controversy, French researcher who goes by pseudonym Elliot Alderson on Monday shared these claims in a tweet (removed by Twitter) where he wrote, “Probably the largest KYC data leak in history”.
Meanwhile, MobiKwik has vehemently denied the security breach.
The company is reiterating its older statement wherein it contended that “A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses”.
“The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company,” the company had tweeted earlier in March in defence against the allegations.
“We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” MobiKwik assured in a statement shared with news agency IANS.
According to researchers, the entire database is available on the Dark Web for 1.5 Bitcoin (nearly $84,000).
“Eliot Alderson” again retweeted a tweet thread by Kiran Jonnalagadda where allegations of Mobikwik saving card details without permission, having details of apps on user’s phone, location coordinates etc. have been levelled.
The digital payments company is mired in this controversy while it reportedly plans to launch an initial public offering (IPO) around September this year to raise $200-250 million. How the matter unfolds remains to be seen.