Poll: Do you agree that a Data Protection Law is must for India?
Poll has expired, here are the final results

Hot Deal Has Mobikwik suffered one of the biggest data breaches ever in India?

5588°
Deal Wiki
+
Deal Captain
100
8637
120

Hello,

I was just browsing casually when something really surprising caught my attention.

From multiple sources, it seems that Mobikwik has allegedly suffered the biggest data breach ever flushed flushed

The data breach leaks information like :-

1. Mobikwik Account Phone Numbers
2. Your full name
3. Your KYC documents like PAN & Aadhaar
4. E-mail addresses
5. Hashed passwords
6.Debit/Credit Card details
7.Your GPS location
8. Phone model details including IMEI
9. Other apps in your system.

Looks like Mobikwik hasn’t come up with any official clarification regarding this. If true this will be the biggest data breach ever and will be catastrophic confused


IMG-20210329-141532
Multiple sources have this news like:-

1.
https://mobile.twitter.com/XploitWizer/status/1...

2. https://www.databreaches.net/in-threat-actor-of...

3. https://mobile.twitter.com/fs0c131y/status/1376...

Please note that this is unverified as Mobikwik has not issued any official clarification and also this information is available on other public websites where it was originally posted and I also hope it’s not true however it certainly raises a question on Indian companies and if at all they are trying to safeguard our data.

A data protection law is must for India these days grin

Deal Wiki

Disclaimer :- Please note that this is unverified information. I’m not criticizing Mobikwik directly in any way. This post is just for awareness and discussion. I personally love Mobikwik offers very much. However by historical trends every company has refused to accept any data breach information at first instance. These information regarding the alleged breach are available publicly in websites with links given we are just discussing about it here

Check it out – detailed news

https://hindi.thequint.com/tech-and-auto/cyber-...

567 Comments  |  
170 Dimers
  • Sort By
51
104
4
Expand
avgn wrote:

So that part is secured somewhat right?

Only concern is aadhaar, pan?

You are not understanding bhai. THe link is shared by hacker. He has decided not toshow the details. So the card details may be masked or may not be masked we don’t know.

I don’t have a KYC with Mobi so i don’t know if the link shows that data. But it showed the bank account which i added in 2015 in the mobikwick when the withdrawal to bank account was allowed.

2,110
8744
84
Moderator
Expand
avgn wrote:

So that part is secured somewhat right?

Only concern is aadhaar, pan?

Nothing secured bro.. masked by them only but visible to all.
The Q is why they have to store CVV? Is that legal??

0
47109
408
Expand
Gaurav_G wrote:

I entered just my number I could see everything from name saved cards banks to account creation date

PM me the Link please. I wish to know when I created this account 😊

71
66967
650
Expand
teragoel wrote:

You are not understanding bhai. THe link is shared by hacker. He has decided not toshow the details. So the card details may be masked or may not be masked we don’t know.

I don’t have a KYC with Mobi so i don’t know if the link shows that data. But it showed the bank account which i added in 2015 in the mobikwick when the withdrawal to bank account was allowed.

Arey you and Gaurav said that you accessed the link.
So I was asking you whether the card details are masked in the actual link or not. In screenshot ofcourse i can see its masked

51
104
4
Expand
avgn wrote:

Arey you and Gaurav said that you accessed the link.
So I was asking you whether the card details are masked in the actual link or not. In screenshot ofcourse i can see its masked

Its masked when you access through the link.

109
519
4
Expand
avgn wrote:

Arey you and Gaurav said that you accessed the link.
So I was asking you whether the card details are masked in the actual link or not. In screenshot ofcourse i can see its masked

Cards are masked, but bank account names are given full, with IFSC codes

9
2265
23
Expand
deb3l wrote:

Expected! expressionless

These companies will deny the truth till it becomes impossible to deny. And then they will say – Sorry India. angry

109
519
4

These guys want to go for IPO speak_no_evil

70
2333
8
Expand
deb3l wrote:

Nothing secured bro.. masked by them only but visible to all.
The Q is why they have to store CVV? Is that legal??

They should not store cvv as per rbi rules.

And as per new rules they should not store card it self. We should add card details everytime we make transactions.

2,110
8744
84
Moderator
Expand
Bk100 wrote:

They should not store cvv as per rbi rules.

And as per new rules they should not store card it self. We should add card details everytime we make transactions.

But, almost all portals do the same. triumph

#SedLife

70
2333
8
Expand
deb3l wrote:

But, almost all the portals do the same. triumph

#SedLife

Paytm phonepe dose not store cvv. At the time of adding money I always asked cvv. In mobikwik I not added my card. Every time I enter details. So dont know weather they store cvv Or not.

100
3224
32

WTF flushed RBI’s new rule of not allowing these apps to store personal data should be implemented ASAP !!
I have already memorised my personal details.
After this rule gets implemented, we just need to enter our details every time before doing any txns.

51
104
4
Expand
Bk100 wrote:

They should not store cvv as per rbi rules.

And as per new rules they should not store card it self. We should add card details everytime we make transactions.

For domestic txns the information is useless I think but for international txns only card number and the name on the card is enough to do txn I think.

I see this with payzapp sometimes where it does not ask for cvv and directly takes us to the otp page.

104
541
4

Chalo mobikwik office unki * todne grin sweat_smile

51
104
4
xera0117 wrote:

Chalo mobikwik office unki * todne grin sweat_smile

tute hue ko aur kya todege saheb!!

0
696
8

pM me the link

0
7038
146

Yes, data is there.
You need Tor Browser to access.
Lol Even detail of Mobikwik Founder UPASANA RUPKRISHAN TAKU is available.

70
2333
8
Expand
teragoel wrote:

For domestic txns the information is useless I think but for international txns only card number and the name on the card is enough to do txn I think.

I see this with payzapp sometimes where it does not ask for cvv and directly takes us to the otp page.

Disable international transaction on cards. It secures your cards somewhat.

Disable ecom transaction when you are not doing online transactions. Enable online transaction when you are doing online transactions and after completing transaction again disable it. It solves most of card misuse problem.

9
2265
23

@Gaurav_G you are right about this mobikwik fiasco. pensive

294
6877
72
Expand
Bk100 wrote:

They should not store cvv as per rbi rules.

And as per new rules they should not store card it self. We should add card details everytime we make transactions.

So RBI knew the how good is data security of these companies
Good move by RBI
The worst app, bhikari offer like 10CB, now this terrible news

0
47109
408
drsa478 wrote:

@Gaurav_G you are right about this mobikwik fiasco. pensive

Haiiii Main Lut Gaya, Barbaad Ho Gayaa 😭😭
Ae Chandramukhi 😥

10₹ hein wallet mein use kar lun? I keep only 10₹ for 10pe10 recharge

Thanks Gaurav_G for making us aware

203
2334
60

The amount asked by the hacker is 1.5 BTC, not even Rs 1 crore. This shameless mobikwik itself can afford such a nominal amount and strike a deal with the hacker, and save some of their embarrassment. And come clean first of all, instead of denying, when everyone else can see the breach with their own eyes.

100
8637
120
b4tm4n wrote:

seems this leak is happened in Jan 2021 as claimed by a twitter user @ rajaharia
https://twitter.com/rajaharia/status/1367438237...
But mobi***k denied the leak and said they will take legal action against Rajaharia for alleging without proper evidence flushed
https://techdator.net/mobikwik-denied-kyc-and-c...

That’s unbelievable

This data is on sale since months and they said will take legal action instead of investigating?!?!?!?

That’s some next level anti-consumer policies

9
2265
23
Expand
saucap wrote:

Haiiii Main Lut Gaya, Barbaad Ho Gayaa 😭😭
Ae Chandramukhi 😥

10₹ hein wallet mein use kar lun? I keep only 10₹ for 10pe10 recharge

Thanks Gaurav_G for making us aware

How did you added that 10 rupees to wallet?

Missing