
Has Mobikwik suffered one of the biggest data breaches ever in India?


Hello,

I was just browsing casually when something really surprising caught my attention.

From multiple sources, it seems that Mobikwik has allegedly suffered the biggest data breach ever 😳😳

The data breach leaks information like:

1. Mobikwik Account Phone Numbers
2. Your full name
3. Your KYC documents like PAN & Aadhaar
4. E-mail addresses
5. Hashed passwords
6. Debit/Credit Card details
7. Your GPS location
8. Phone model details including IMEI
9. Other apps in your system.

Looks like Mobikwik hasn’t come up with any official clarification regarding this. If true, this will be the biggest data breach ever and will be catastrophic 😕


Multiple sources have this news like:-

1. https://mobile.twitter.com/XploitWizer/status/1...

2. https://www.databreaches.net/in-threat-actor-of...

3. https://mobile.twitter.com/fs0c131y/status/1376...

Please note that this is unverified, as Mobikwik has not issued any official clarification, and this information is also available on other public websites where it was originally posted. I also hope it’s not true; however, it certainly raises a question about Indian companies and whether they are trying to safeguard our data at all.

A data protection law is a must for India these days 😁

Deal Wiki

Disclaimer: Please note that this is unverified information. I’m not criticizing Mobikwik directly in any way. This post is just for awareness and discussion. I personally love Mobikwik offers very much. However, by historical trends, every company has refused to accept any data breach information at first instance. This information regarding the alleged breach is available publicly on websites, with links given; we are just discussing it here.

Check it out – detailed news

https://hindi.thequint.com/tech-and-auto/cyber-...

567 Comments | 170 Dimers

drsa478 wrote:

How did you add that 10 rupees to the wallet?

Debit Card


Where to check??

saucap wrote:

Debit Card

Those card details have been leaked according to this source ☹️

Vaastav wrote:

Those card details have been leaked according to this source ☹️

Yes. Will get a new card issued by my bank and will never use it online. Don’t know which site is safe and which is not.

saucap wrote:

Debit Card

Then it doesn’t matter whether you have 10 rs or 10k in the wallet. Your card details are compromised, which is the main issue.


Link please. Need to check which all cards are visible there


Please DM the link to me too, someone who has it.

Surprising that Mobikwik is so eager to deny right away!

Gaurav_G wrote:

@Awake @BubbleBoyChickenLittle @guest_999 @Mayavi @bikidas2060

Has anyone tried that link with a number not linked with Mobikwik?
It doesn’t show any data? Or does it show some data related to that number?
What’s the guarantee that all the data is taken only from the MK DB?
Hackers can get the data from several sites and they can accuse whoever they want.

If someone has the link, DM. I can check further with numbers which do not really have an MK account and with MK users.

mas143forever wrote:

The amount asked by the hacker is 1.5 BTC, not even Rs 1 crore. This shameless mobikwik itself can afford such a nominal amount and strike a deal with the hacker, and save some of their embarrassment. And come clean first of all, instead of denying, when everyone else can see the breach with their own eyes.

This crypto shit is doing more harm than good 😤. And never trust a single word of hackers/fraudsters.
Even if mobi***k gives BTC, the hacker can still sell that data to multiple parties in the black/dark market (maybe it’s already sold) 😕


Does anyone have the onion link?

Mayavi wrote:

Has anyone tried that link with a number not linked with Mobikwik?
It doesn’t show any data? Or does it show some data related to that number?
What’s the guarantee that all the data is taken only from the MK DB?
Hackers can get the data from several sites and they can accuse whoever they want.

If someone has the link, DM. I can check further with numbers which do not really have an MK account and with MK users.

Do tag me bro if you get any additional info/details… 😊

Mayavi wrote:

Has anyone tried that link with a number not linked with Mobikwik?
It doesn’t show any data? Or does it show some data related to that number?
What’s the guarantee that all the data is taken only from the MK DB?
Hackers can get the data from several sites and they can accuse whoever they want.

I am confirming the data is authentic, as 5 years ago Mobikwik blocked my account citing a duplicate account, and I kept the original one and dropped the remaining ones, but those details are also showing, like Gmail.

Mayavi wrote:

Has anyone tried that link with a number not linked with Mobikwik?
It doesn’t show any data? Or does it show some data related to that number?
What’s the guarantee that all the data is taken only from the MK DB?
Hackers can get the data from several sites and they can accuse whoever they want.

If someone has the link, DM. I can check further with numbers which do not really have an MK account and with MK users.

Even with all the data, they won’t be able to do much harm if customers are careful, and even with card details they need an OTP for accessing money.

Unless the customer’s phone is not compromised
or the customer himself shares that OTP, they won’t be able to get that OTP.


Guys, where does all this data get sold..?
In which shop (website) on the dark web 😇

Bk100 wrote:

Even with all the data, they won’t be able to do much harm if customers are careful, and even with card details they need an OTP for accessing money.

Unless the customer’s phone is not compromised
or the customer himself shares that OTP, they won’t be able to get that OTP.

Many will still get conned
And also international transactions bro


Never save card details in any app; it’s sure they will get leaked one day.

BubbleBoyChickenLittle wrote:

Many will still get conned
And also international transactions bro

Disable international transactions / Indian online transactions on your card when you are not using it. It’s very helpful. Only enable them when you are using that card.


Entire credit goes to Mandatory KYC compliance for E-wallets by Idiots in order to promote UPI payments.
Only rules & regulations.. No Implementation

"The KYC guidelines are designed to strengthen safety and security of transactions and customer protection, RBI Deputy Governor BP Kanungo said"

Isn’t it the responsibility of RBI to make sure there aren’t any security loopholes w.r.t any wallet on a regular basis? Cancel the license if any vulnerability is found?
Obviously.. they might take some action now, but what’s the use?

Now hackers know everything about you to gain access to multiple websites (via KYC documents, phone numbers & email addresses)
CCs, DCs can be replaced easily but there’s a lot at stake now (Even replacing mobile number isn’t that simple)
Sadly, everyone with just phone number access can know a lot of details about you ( Including GPS location :sad: )

Bk100 wrote:

Even with all the data, they won’t be able to do much harm if customers are careful, and even with card details they need an OTP for accessing money.

Unless the customer’s phone is not compromised
or the customer himself shares that OTP, they won’t be able to get that OTP.

Obviously, I can see they shared the image of some DB; the DB fields stored the first 6 digits, last 4 digits, CardID and Cardhash.
So, basically the hacker can’t get access to full card details with this info. (Without knowing the hash algorithm used by the site to convert actual data to hashes, no one can get full details.)
That’s why he created panic among the public.
Otherwise, with full card details he can do Intl Trxn without any more difficulty and can silently loot throughout his lifetime 😛

If we are good enough to handle our cards, it’s not an issue. But not everyone will be on the same side.

@Himanshu1234567

mas143forever wrote:

The amount asked by the hacker is 1.5 BTC, not even Rs 1 crore. This shameless mobikwik itself can afford such a nominal amount and strike a deal with the hacker, and save some of their embarrassment. And come clean first of all, instead of denying, when everyone else can see the breach with their own eyes.

Why is the hacker asking in BTC 🤭 Should have asked in XMR. Might be a great hacker but definitely is a newbie in crypto 😂

Mayavi wrote:

Obviously, I can see they shared the image of some DB; the DB fields stored the first 6 digits, last 4 digits, CardID and Cardhash.
So, basically the hacker can’t get access to full card details with this info. (Without knowing the hash algorithm used by the site to convert actual data to hashes, no one can get full details.)
That’s why he created panic among the public.

If we are good enough to handle our cards, it’s not an issue. But not everyone will be on the same side.

@Himanshu1234567

Even if they are able to get all 16 digits of the card, the CVV and the validity of the card, you will still get an OTP on your registered phone number.

Even if they get the OTP and get the amount, you can still dispute that transaction, and banks usually refund money lost due to fraud in DC and CC.


@Bk100
OTP is not required for international sites. So better disable your international transactions.

Vaastav wrote:

Why is the hacker asking in BTC 🤭 Should have asked in XMR. Might be a great hacker but definitely is a newbie in crypto 😂

XMR? What is it?

BTC is Bitcoin.

I don’t know much about cryptocurrency

Mayavi wrote:

Has anyone tried that link with a number not linked with Mobikwik?
It doesn’t show any data? Or does it show some data related to that number?
What’s the guarantee that all the data is taken only from the MK DB?
Hackers can get the data from several sites and they can accuse whoever they want.

If someone has the link, DM. I can check further with numbers which do not really have an MK account and with MK users.

Just got my number checked. 100% matching with data shared with mobishit. Also date of account opening is correct. So it’s from mobishit only.


@Bk100
It’s a privacy coin. And it would have been perfect in this case. 


@drsa478

Where to check??


On Dark Web??

If yes then do share onion link 

Vaastav wrote:

@Bk100
OTP is not required for international sites. So better disable your international transactions.

By default, all DC and CC international transactions are disabled as per RBI rules.

Those who enabled it voluntarily can disable it until the dust settles, or can get a new CC or DC by blocking the old ones.

Bk100 wrote:

XMR? What is it?

BTC is Bitcoin.

I don’t know much about cryptocurrency

It isn’t you by any chance, is it? 😜
What say @Vaastav? 😀

EVERYONE TURN OFF INTERNATIONAL TXNS TO BE ON THE SAFE SIDE AND AVOID VISITING TOR BROWSER LINK

Bk100 wrote:

Even if they are able to get all 16 digits of the card, the CVV and the validity of the card, you will still get an OTP on your registered phone number.

Even if they get the OTP and get the amount, you can still dispute that transaction, and banks usually refund money lost due to fraud in DC and CC.

For Intl transactions, it doesn’t require OTPs.
Yes, we can mark the trxns as Fraud/dispute.

There is also a possibility that it may not be a breach; rather, some internal employees/devs/hackers themselves leaked it and are claiming it as a breach. 😄
