Mobikwik data breach - personal data of 3.5 million users up for sale on dark web

https://www.bgr.in/news/mobikwik-data-leak-personal-data-of-3-5-million-users-up-for-sale-on-dark-web-company-denies-claims-950805/

Onion link-

http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion/

I checked my details; they match what I had in my Mobikwik profile. Checked for my friend, he confirmed the card details are correct.

Edit: password is hashed and card details partially blanked. I am assuming the leaker has them in full clear text, just removed them for public viewing.

3 Likes

Were you able to access the onion link?
The link never worked for me.

Yes, but it works intermittently. Failed to connect to backend errors. I tried after a few minutes. Try a new node or refresh your Tor connection.

Apparently, the breach happened on 4th March. Lots of people confirming data leak is real.

Edit- Onion link seems to be down now.

Earlier they had denied. But several users are responding to this tweet.

Onion link for those who want to try

1 Like

Tor link for the compromised stuff:

http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion/?fbclid=IwAR1bn1dSVAx4ZRsZSbjIae4-JzFlKyHY-f7Bi84Jcle2kVP1j__Blt8g_aI

Use Tor.

Thankfully I never did my KYC with them. But my email, phone, bank account details are visible.

1 Like

How did you search? The search bar didn’t work for me

Onion link is working fine and it's a very serious issue. Govt is encouraging digitization but is not at all serious about making a law for data protection.

1 Like

Yup, unless there is a law to mandate good data security practices and severe fines for breaches, the companies have no incentive to actually care and spend money on data security.

Looks like they are preparing a press release because they haven’t said anything.

Their latest tweet since the breach.

Again, not surprised at all. The key weakness with most mobile app/service startups is not investing enough in information security. They spend a lot on marketing and this is the price they pay.

Some traction by media.

I was able to access the site via tor this time, but the search feature is now disabled.

Hackersnews also picked it up. They won’t be able to ignore anymore lol.

1 Like

Bunch of buffoons, they should be penalized for this. PAN card, Aadhaar cards, photos, address, credit card numbers (masked), everything is available.

This is a criminal offence.

1 Like

Blog update- https://blog.mobikwik.com/message-from-the-company/

Oh yes, who would have thought that people usually upload the same identity documents for KYC. Because they are ID proofs! That's how ID proof works.

5 Likes

Omg they are still in denial lol.
Speechless.

Seriously man, what pieces of shit. This needs to be penalised.

Other payment services and other services in general that collect such sensitive user information should learn from this and strengthen their security.

1 Like

Glad not to have done any KYC with them. Although had added a few credit card details into it.
Always got that shady vibe when using the app.