Mobikwik KYC Data Exposed on DARKNET

The Hackers Meetup
4 min readApr 16, 2021

--

Mobikwik is an Indian company founded back in 2009 by Bipin Preet Singh. It provides a Digital Wallet to its customers allowing them to make digital payments. A few days back news started surfacing online that Mobikwik became a victim of the largest data leak in history. So now let’s briefly look into the details of what happened and who did it why, and more essentially what we should do now.

What happened?

This incident came into light earlier this Month when Mobikwik tweeted about the security measures of the company and false claims of its data breach. This was tweeted in response to the March 4th tweet of the security researcher Rajshekhar Rajaharia, who was informed about the data leak in Mobikwik. On 27th March, the hacker put the data on the darknet for sale, and the data breach was official now, even though the company kept denying it.

Rajshekar’s tweet on March 4

According to various sources and facts, a hacker group by the name of Jordan daven were able to hack the servers of the company and were able to access the backup data. Few of the data was in unencrypted form. All the data was sensitive KYC data including unmasked credit card numbers, phone numbers, address, GPS location, hashed password, Email address. They were able to access all the backup data back in January, according to security researcher Rajshekhar. This means Rajshekar’s 4th March tweet was a warning for the company which they simply denied saying Rajshekhar as “Media Crazed” security researcher.

Mobikwik Response

Who did it and why?

So as per facts this breach was carried out by the hacker group Jordan Daven, and the objective of the hacker was to gain money from the Company. Interestingly, the data was up on sale on darknet for 1.5 Bitcoin, the sources claimed. It was also said the hackers are in talks with the company to take down data from the dark net. And reportedly it was taken down.

The data was available on http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion this site can be accessed through TOR browser. However, the data has been taken down from this site.

Data Leak on Darknet
After the data was taken down

Many users were able to find their details on this link. The data leak is said to be around 8.2 TB in size, this is why it is said to be the largest KYC data leak. A lot of users were able to confirm the attack by finding their details in the leaked data.

A Mobikwik user found his data in the leak

What’s the company’s take now?

Mobikwik is still denying the attack and the data leak. Mobikwik in a message said that it is a regulated entity which takes its users data security very seriously and is fully compliant with the data security laws. They have annual security audits and are subjected to stringent compliance measures under its PCI-DSS, CISA, and ISO 27001:2013 certifications. They also said that they are investigating the issue after several users found their data in the dark net. Also to note, they said when this issue was first reported in the last month they investigated the issue with the help of external security experts and didn’t find any data breach, how strange? More on what company said can be found out on https://blog.mobikwik.com/message-from-the-company/

Rajshekar’s tweet on a bug he reported to Mobikiwk

This tweet was later taken by twitter calling it as violation terms and policies. How security researchers around the world are reacting to this.

Security Researcher Elliot Alderson
Security Researcher Zack Whittaker
Security Researcher Troy Hunt

What should the end user do now?

The best and only thing we as an end user can do now is to update our passwords and turn on 2 factor authentication for enhanced security. The company is investigating the matter and trying to come up with the resolution.

Blog Written By : Devansh Gandhi Twitter LinkedIn

--

--

The Hackers Meetup
The Hackers Meetup

Written by The Hackers Meetup

Initiative of @viralparmarhack to provide a proper platform for cyber security researchers & like-minded people to establish a community.

No responses yet