Trusted

3.5 Million Customers KYC Information Leaked in Alleged MobiKwik Hack

2 mins
Updated by Anirudh Tiwari
Join our Trading Community on Telegram

In Brief

  • Indian payment app and wallet MobiKwik has been allegedly hacked, with 3.5 million customers’ KYC information being leaked.
  • The 8.2 TB of data was listed for sale on a hacker forum for 1.5 Bitcoin.
  • MobiKwik has denied the hack, and also threatened to sue a journalist who previously made a similar revelation.
  • promo

Indian payment and wallet service provider MobiKwik has allegedly been hacked. Nearly 3.5 million customers’ KYC information may have been leaked.

Although MobiKwik has denied the hack, other sources appear to have confirmed it. A seller is listing the 8.2 TB of KYC data on a dark web forum for hackers for sale at 1.5 bitcoin (BTC).

MobiKwik’s KYC Data on the Dark Web

MobiKwik was founded in Gurugram, India, in 2009. The company offers payment services and a digital wallet via a mobile app. Then in 2016, The company began offering small loans to users. This required users to begin submitting Know-Your-Customer (KYC) information. 

According to independent researcher Rajshekhar Rajaharia, the KYC data hacked from MobiKwik has appeared on a dark web forum for hackers. The seller set up a portal where a user can search by phone number or email ID and get specific results out of a total of 8.2 TB of data. A buyer can receive exclusive rights to the entire database for 1.5 BTC. Apparently, a user has already tried to scrape the entire 99 million entries.

According to the seller, each database entry can raise $500-$1,000 of loans in Indian currency. This could make the 1.5 BTC investment worth up to $3 billion. The seller claims he has already been able to acquire loans with the information as a proof-of-concept.

The Company has Denial

Regarding this incident, MobiKwik responded, saying: “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.”

However, this response does not explain why the seller is also claiming the data source is MobiKwik. Also, samples seen on the portal contain images of MobiKwik QR codes.

The “media-crazed so-called security researchers” is a veiled reference to Rajaharia. Earlier this month, the internet security researcher tweeted that cardholder data had been leaked from MobiKwik’s server. MobiKwik denied that allegation as well and threatened Rajaharia with litigation for making the allegations without proper evidence. However, the company admitted to a data breach that occurred in 2010.

Although this may prove to be the largest leak of KYC information so far, many smaller hacking instances happen with alarming frequency. On March 15, hackers hijacked the domain names of PancakeSwap and Cream Finance. Users trying to access these sites were directed to an unknown address and solicited for their wallet seed phrases. Earlier in February, another hacker stole $37.5 million from Cream.

Top crypto projects in the US | October 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
3Commas 3Commas Explore
Uphold Uphold Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | October 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
3Commas 3Commas Explore
Uphold Uphold Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | October 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

photo_Nick.jpg
Nicholas Pongratz
Nick is a data scientist who teaches economics and communication in Budapest, Hungary, where he received a BA in Political Science and Economics and an MSc in Business Analytics from CEU. He has been writing about cryptocurrency and blockchain technology since 2018, and is intrigued by its potential economic and political usage.
READ FULL BIO
Sponsored
Sponsored