Mobikwik data breach - personal data of 3.5 million users up for sale on dark web

D C · Mar 30, 2021

8.2 TB Of MobiKwik User Data Allegedly Hacked, Company Denies Breach

The data that’s on offer includes a total of 350 gigabytes of MySQL dumps that include 500 databases. It also consists of 99 million mail, phone passwords, addresses and data surrounding installed apps, IP addresses, GPS locations etc.

www.indiatimes.com

Tech News - Latest Technology News Today, Mobile News, Latest Gadget Advice | Techlusive India

Tech News - Get latest updates on technology news, upcoming phone, gadgets, review, mobile price, online games. Stay tuned to know more tech news at Techlusive.in.

www.bgr.in

Onion link- http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion/

I checked my details, matches what I had in my mobikwik profile. Checked for my friend, he confirmed the card details are correct.

Edit: password is hashed and card details partially blanked. I am assuming the leaker has them in full clear text, just removed them for public viewing.

JMP · Mar 30, 2021

Were you able to access the onion link?
The link never worked for me.

D C · Mar 30, 2021

Yes, but it works intermittently. Failed to connect to backed errors. I tried after a few minutes. Try a new node or refresh your tor connection.

Apparently, the breach happened on 4th March. Lots of people confirming data leak is real.

https://twitter.com/i/web/status/1367489330902675463

Edit- Onion link seems to be down now.

mk76 · Mar 30, 2021

Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web

Payment app Mobiwik came under the scanner on Monday after a security researcher claimed that the data of 3.5 million users were put up for sale on dark web.

www.indiatoday.in

Earlier they had denied. But several users are responding to this tweet.

https://twitter.com/i/web/status/1367489330902675463

Onion link for those who want to try

http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion/

alekhkhanna · Mar 30, 2021

Tor link for the compromised stuff:

http://mobikwikoonux37wauz6oqymshuv...sZSbjIae4-JzFlKyHY-f7Bi84Jcle2kVP1j__Blt8g_aI

Use Tor.

Thankfully I never did my KYC with them. But my email, phone, bank account details are visible.

wisekaiser · Mar 30, 2021

alekhkhanna said:
Tor link for the compromised stuff:

http://mobikwikoonux37wauz6oqymshuv...sZSbjIae4-JzFlKyHY-f7Bi84Jcle2kVP1j__Blt8g_aI

Use Tor.

Thankfully I never did my KYC with them. But my email, phone, bank account details are visible.

How did you search? The search bar didn't work for me

vishal_k · Mar 30, 2021

Onion link is working fine and its a very serious issue. govt is encouraging digitization but not at all serious for making law for data protection.

D C · Mar 30, 2021

Yup, unless there is a law to mandate good data security practices and severe fines for breaches, the companies have no incentive to actually care and spend money on data security.

iPwnz · Mar 30, 2021

Looks like they are preparing a press release because they haven't said anything.

D C · Mar 30, 2021

iPwnz said:
Looks like they are preparing a press release because they haven't said anything.

Their latest tweet since the breach.

https://twitter.com/i/web/status/1376757004895653889

kalph09 · Mar 30, 2021

Again, Not surprised at all. The key weakness with most mobile app/service startups is not investing enough in information security. They spend a lot on marketing and this is the price they pay.

alekhkhanna · Mar 30, 2021

Data of 10 crore Mobikwik users for sale on dark web, say cybersecurity experts

The Gurugram-based fintech company continued to deny its role in the leak, calling the researchers that made the breach public “media-crazed” alleging them of presenting “concocted files” as evidence.

economictimes.indiatimes.com

Some traction by media.

JMP · Mar 30, 2021

I was able to access the site via tor this time, but the search feature is now disabled.

iPwnz · Mar 30, 2021

Hackersnews also picked it up. They won't be able to ignore anymore lol.

https://twitter.com/i/web/status/1376788284181901312

MrRobot · Mar 30, 2021

Bunch of bafoons, they should be penalized for this. Pancard, aadhar cards, photos, address, credit card numbers (masked) everything is available.

This is a criminal offence.

D C · Mar 30, 2021

Blog update- https://blog.mobikwik.com/message-from-the-company/

While we are investigating this, it is entirely possible that any user could have uploaded her/ his information on multiple platforms.

Oh yes, who would have thought that people usually upload same identity documents for KYC. Because they are ID proofs! That’s how ID proof works.

iPwnz · Mar 30, 2021

Omg they are still in denial lol.
Speechless.

alekhkhanna · Mar 30, 2021

iPwnz said:
Hackersnews also picked it up. They won't be able to ignore anymore lol.

https://twitter.com/i/web/status/1376788284181901312

Seriously man, what pieces of shit. This needs to be penalised.

Goodfella · Mar 30, 2021

Other payment services and other services in general that collect such sensitive user information should learn from this and strengthen their security.

goDofWar_skr · Mar 30, 2021

Glad not to have done any KYC with them. Although had added a few credit card details into it.
Always got that shady vibe when using the app.

Mobikwik data breach - personal data of 3.5 million users up for sale on dark web

D C

8.2 TB Of MobiKwik User Data Allegedly Hacked, Company Denies Breach

Tech News - Latest Technology News Today, Mobile News, Latest Gadget Advice | Techlusive India

JMP

D C

mk76

Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web

alekhkhanna

wisekaiser

vishal_k

D C

iPwnz

Brutally Honest

D C

kalph09

alekhkhanna

Data of 10 crore Mobikwik users for sale on dark web, say cybersecurity experts

JMP

iPwnz

Brutally Honest

MrRobot

D C

iPwnz

Brutally Honest

alekhkhanna

Goodfella

goDofWar_skr