100 million Indians’ data on dark web sales..
The mobile payment platform Mobikwik scanner reportedly surfaced after cybersecurity researcher Rajasekhar Rajgharia put 100 million of its users’ data on sale on the hacker platform. This data breech has been claimed by a group of hackers known as ‘Ninja-Storm’ who have been selling ‘leaked’ data online since 26 March. According to a post by the hacker group, the data are selling at 1.5 bitcoins, worth around Rs 63 lakh.
The researcher said that the data of 10 crore Indians, which included KYC (Know-Your-Customer) forms, debit card numbers and other personal details, had been leaked from a Mobikwik server, following which, several users could independently verify their data being leaked on the dark web link that is being circulated on the internet.
On 26 March, a group of hackers created a search engine on the dark site where users can search their leaked information.
A massive data breach has been reported by cyber security experts claiming that the personal data of 10 crore Indians have been allegedly leaked.
Since then lakhs of users took to Twitter and posted screenshots of their data being leaked. Cyber security researcher Elliot Laderson called this leak the ‘largest KYC data leak in the history’. The data dump on the dark net is reported to be around 350GB in size.
The data is being sold at 1.5 Bitcoins which comes to Rs 63 lakhs(approx).
The alleged data leak includes..
Aadhaar Card number
Pan Card
Selfies
Picture Proof
Credit Card Number
Debit Card Number
E-mail address
Phone Number
Passport Number
Passwords
IP Address
GPS location
Mobikwik Denies Claims
Earlier in February, when Rajaharia spotted the alleged data leak, the researcher reached out to the company.
Taking it to Twitter, Rajaharia said, “11 Crore Indian cardholders’ data allegedly leaked from @MobiKwik Server, a hacker claimed. It seems the hacker still has their data. Backup was alleged taken on 20 Jan 2021. He claims to have Mobikwik access since last 30 days. @RBI @IndianCERT Please look into this matter.
However, the payment platform in a tweet said, “A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organisation while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses.
“Our user and company data is completely safe and secure. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company,” the company added in a tweet on 4 March.
Sharing his thoughts Independent Cyber Security Researcher Sourajeet Majumder said, “As per this breach, a huge number of people have alleged that they could find their own data in this dump, and thus the best practice for them would be to contact their bank and block the credit cards which they found as a part of this dump.
