3.5 Million Customers KYC Information Leaked in Alleged MobiKwik Hack

Share Article
In Brief
  • Indian payment app and wallet MobiKwik has been allegedly hacked, with 3.5 million customers’ KYC information being leaked.

  • The 8.2 TB of data was listed for sale on a hacker forum for 1.5 Bitcoin.

  • MobiKwik has denied the hack, and also threatened to sue a journalist who previously made a similar revelation.

  • promo

    Want to learn how to trade? Get a beginners guide from _BeInCrypto Academy_ now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Indian payment and wallet service provider MobiKwik has allegedly been hacked. Nearly 3.5 million customers’ KYC information may have been leaked.



Although MobiKwik has denied the hack, other sources appear to have confirmed it. A seller is listing the 8.2 TB of KYC data on a dark web forum for hackers for sale at 1.5 bitcoin (BTC).



MobiKwik’s KYC Data on the Dark Web

MobiKwik was founded in Gurugram, India, in 2009. The company offers payment services and a digital wallet via a mobile app. Then in 2016, The company began offering small loans to users. This required users to begin submitting Know-Your-Customer (KYC) information. 

According to independent researcher Rajshekhar Rajaharia, the KYC data hacked from MobiKwik has appeared on a dark web forum for hackers. The seller set up a portal where a user can search by phone number or email ID and get specific results out of a total of 8.2 TB of data. A buyer can receive exclusive rights to the entire database for 1.5 BTC. Apparently, a user has already tried to scrape the entire 99 million entries.

According to the seller, each database entry can raise $500-$1,000 of loans in Indian currency. This could make the 1.5 BTC investment worth up to $3 billion. The seller claims he has already been able to acquire loans with the information as a proof-of-concept.

The Company has Denial

Regarding this incident, MobiKwik responded, saying: “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.”

However, this response does not explain why the seller is also claiming the data source is MobiKwik. Also, samples seen on the portal contain images of MobiKwik QR codes.

The “media-crazed so-called security researchers” is a veiled reference to Rajaharia. Earlier this month, the internet security researcher tweeted that cardholder data had been leaked from MobiKwik’s server. MobiKwik denied that allegation as well and threatened Rajaharia with litigation for making the allegations without proper evidence. However, the company admitted to a data breach that occurred in 2010.

Although this may prove to be the largest leak of KYC information so far, many smaller hacking instances happen with alarming frequency. On March 15, hackers hijacked the domain names of PancakeSwap and Cream Finance. Users trying to access these sites were directed to an unknown address and solicited for their wallet seed phrases. Earlier in February, another hacker stole $37.5 million from Cream.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Nick is a data scientist who teaches economics and communication in Budapest, Hungary, where he received a BA in Political Science and Economics and an MSc in Business Analytics from CEU. He has been writing about cryptocurrency and blockchain technology since 2018, and is intrigued by its potential economic and political usage. He can best be described as an optimistic center-left skeptic.

Follow Author

Trade with the Best Crypto Signals - guaranteed profits with over 70% accuracy

Join now

Want to learn how to trade? Get a beginners guide from BeInCrypto Academy!

Learn now