MobiKwik Data Dump in Dark Web
Earlier this month, we’ve covered a story of MobiKwik where it’s alleged to have leaked about 11-crore of its users’ database. This was pointed out by an Indian independent researcher named Rajshekhar Rajaharia, who said that a hacker had access to MobiKwik’s dump via a leaking server since January this year. While MobiKwik immediately refuted his claims and even warned about filing a case against this report, it seems to be the incident is real and should get attention. This is because several other independent researchers are now reporting a dark website that listed out all the leaked records from the MobiKwik dump!
— Elliot Alderson (@fs0c131y) March 29, 2021 This was reported initially by Elliott Alderson, who earlier called for weak security in Aadhar and Aarogya Setu app. Now, he tweeted about a site that’s letting visitors make a free search throughout the MobiKwik database, which’s claimed to be from the earlier hack. The breadth of the database is unknown yet, but it’s reported to be 8.5TB and has KYC details of all MobiKwik’s registered users. KYC includes PII and also the images of users, which are sensitive. And since it’s interesting, many have started asking for the dump’s URL and the ones who’ve got are selling to others for a price!