Has Mobikwik suffered one of the biggest data breaches ever in India?
- 29913
- 568
-
- Last Comment
Hello,
I was just browsing casually when something really surprising caught my attention.
From multiple sources, it seems that Mobikwik has allegedly suffered the biggest data breach ever
The data breach leaks information like :-
1. Mobikwik Account Phone Numbers
2. Your full name
3. Your KYC documents like PAN & Aadhaar
4. E-mail addresses
5. Hashed passwords
6.Debit/Credit Card details
7.Your GPS location
8. Phone model details including IMEI
9. Other apps in your system.
Looks like Mobikwik hasn’t come up with any official clarification regarding this. If true this will be the biggest data breach ever and will be catastrophic
Multiple sources have this news like:-
1.
https://mobile.twitter.com/XploitWizer/status/1...
2. https://www.databreaches.net/in-threat-actor-of...
3. https://mobile.twitter.com/fs0c131y/status/1376...
Please note that this is unverified as Mobikwik has not issued any official clarification and also this information is available on other public websites where it was originally posted and I also hope it’s not true however it certainly raises a question on Indian companies and if at all they are trying to safeguard our data.
A data protection law is must for India these days
Deal Wiki
-
Last updated by: relwanivasudev473
Disclaimer :- Please note that this is unverified information. I’m not criticizing Mobikwik directly in any way. This post is just for awareness and discussion. I personally love Mobikwik offers very much. However by historical trends every company has refused to accept any data breach information at first instance. These information regarding the alleged breach are available publicly in websites with links given we are just discussing about it here
Check it out - detailed news
https://hindi.thequint.com/tech-and-auto/cyber-...
True but we should start demanding Data Protection Laws now. So many controversial laws getting passed however this law is something we need these days.
Mobikwik has a lot of caps and restrictions on supercash usage unless we aren’t full KYC so definitely they have a lot of full KYC customers
It is true. It is showing my account name and IFSC code.
My saved credit cards.
Were you able to check?
Forget data breach, what business this mobidick has in keeping record of other apps in our system?!
Kindly post the link for it so tht every1 can b aware
Good that you added deal wiki.
@AyushiiiVijay Apki tippani ispe?
T – Your views on this one.
Hum to hamesha se verge pai the leak ke… Har cheez pai kyc doc gussa dena…even dont know how many more apps are vulnerable which have all our kyc details and cards..
May be this incident will bring some big reforms
Kal hi dekha tha twitter pe.. same to same.
Pending verification..
PS: Proud mini KYC user.. @ AnkitFaddiya
Guys, maybe this news is true.. but it’s as foolish to check your details in *any provided link by putting your MK credentials. You can be hacked for real! Remember..
MobiXicK’s official statement
A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention.We thoroughly investigated his allegations and did not find any security lapses.
Our user and company data is completely safe and secure.
The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company.
Finally, our legal team will be pursuing strict action against this so-called researcher who is trying to malign our brand reputation for ulterior motives.
-Team MobiKwik
Expected!
Link please
mobiwik has no offers
These guys want to go for IPO
Link plz
Has anyone tried in that link with number not linked with Mobikwik?
It doesn’t show any data? or its show some data related to that number?
Whats the guarantee that all datas are only taken from MK DB?
Hackers can get the data from several sites and they can accuse whoever they want.
If someone has the link, DM. I can check further with numbers which are not really have MK account and MK users.
WTF RBI’s new rule of not allowing these apps to store personal data should be implemented ASAP !!
I have already memorised my personal details.
After this rule gets implemented, we just need to enter our details every time before doing any txns.
Chalo mobikwik office unki * todne
tute hue ko aur kya todege saheb!!
pM me the link
Yes, data is there.
You need Tor Browser to access.
Lol Even detail of Mobikwik Founder UPASANA RUPKRISHAN TAKU is available.
Haiiii Main Lut Gaya, Barbaad Ho Gayaa 😭😭
Ae Chandramukhi 😥
10₹ hein wallet mein use kar lun? I keep only 10₹ for 10pe10 recharge
Thanks Gaurav_G for making us aware
seems this leak is happened in Jan 2021 as claimed by a twitter user @ rajaharia
https://twitter.com/rajaharia/status/1367438237...
But mobi***k denied the leak and said they will take legal action against Rajaharia for alleging without proper evidence
https://techdator.net/mobikwik-denied-kyc-and-c...
That’s unbelievable
This data is on sale since months and they said will take legal action instead of investigating?!?!?!?
That’s some next level anti-consumer policies
The amount asked by the hacker is 1.5 BTC, not even Rs 1 crore. This shameless mobikwik itself can afford such a nominal amount and strike a deal with the hacker, and save some of their embarrassment. And come clean first of all, instead of denying, when everyone else can see the breach with their own eyes.
this crypto shit is doing more harm than good 😤. and never trust a single word of hackers/fraudsters.
even if mobi***k gives BTC, hacker can still sell that data to multiple parties in black/dark market. (may be its already sold)
Where to check??
Link please. Need to check which all cards are visible there
Please DM the link to me too someone who has it.
Surprising that Mobikwik is so eager to deny right away!
Does anyone have the onion link?
Bhai log ye sb data kha sell hota hai..?
Dark web ki kon si dukan(website) me 😇
Always don’t save card details in any app , it’s sure it will get leaked one day.
Entire credit goes to Mandatory KYC compliance for E-wallets by Idiots in order to promote UPI payments.
Only rules & regulations.. No Implementation
" The KYC guidelines are designed to strengthen safety and security of transactions and customer protection, RBI Deputy Governor BP Kanungo said "
Isn’t it the responsibility of RBI to make sure there aren’t any security loopholes w.r.t any wallet on a regular basis? Cancel the license if any vulnerability is found?
Obviously.. they might take some action now, but what’s the use?
Now hackers know everything about you to gain access to multiple websites (via KYC documents, phone numbers & email addresses)
CCs, DCs can be replaced easily but there’s a lot at stake now (Even replacing mobile number isn’t that simple)
Sadly, everyone with just phone number access can know a lot of details about you ( Including GPS location :sad: )
agar yeh baat sahi bhi hoyi to bhi Indian users kuch nahi kar sakte