Today, data is the most important asset for everyone, and every day brings news of another user data leak; even the biggest companies have faced such cases. This time, the Indian fintech company MobiKwik has come under suspicion, as a MobiKwik database of 10 crore users was recently seen on sale on the dark web. RBI has asked the company to investigate the matter, and the company will be penalized if found guilty.
The Biggest Data Leak
Recently, many independent cybersecurity experts have claimed that they found MobiKwik user data for sale on the dark web. Another internet security researcher, Rajshekhar Rajaharia, had also tweeted about how he could access user data from MobiKwik and other fintech companies on the web. He tweeted on 26 February 2021:
“Again!! 11 Crore Indian Cardholder’s Cards Data Including personal details & KYC soft copy(PAN, Aadhar, etc) allegedly leaked from a company’s Server in India. 6 TB KYC Data and 350GB compressed MySQL dump.”
Source: twitter.com
According to these security experts, the main source of the data leak is UPI payment portals, and the data is for sale for 1.5 bitcoin, or about $86,000. There is speculation that the hackers have created a separate system containing a total of 8.2 TB of data, where one can retrieve the information through a phone number or an email address. According to some of the experts, this data is also available via links, and many users have already tweeted about how they accessed their own data (such as credit and debit card details) using those links.
MobiKwik’s Take on the Data Leak
MobiKwik has denied the data leak and has told its users that the company is taking all measures to secure its customers’ data. One of MobiKwik’s spokespeople tweeted,
“The company has robust internal policies and information security protocols and is subjected to stringent compliance measures under its PCI-DSS, CISA, and ISO 27001:2013 certifications. These include annual security audits and quarterly penetration tests to ensure the security of its platform,” the tweet further stated, “the data available on the internet could have been uploaded by the users themselves on several platforms. For our users, we reiterate that all your MobiKwik accounts and balances are completely safe.”
Source: blog.mobikwik.com
On the claims of various security experts, the company said that these so-called media-crazed security experts have been creating chaos among MobiKwik users and wasting the precious time of the organization as well as members of the media. MobiKwik has also said that it may take legal action against these security researchers for defaming the company.
MobiKwik also confirmed that, at the time of the alleged first security breach, it had performed a thorough security check and investigated whether there was any data leak, but found nothing.
Reserve Bank of India Warns the Company
Since MobiKwik has been accused multiple times of leaking the data of about 110 million users, RBI has warned the company that if it is found guilty, it will have to pay a huge penalty. RBI, being the central bank of India, has every right to penalize a company that is risking the data of the Indian public.
Though MobiKwik has said that it has already performed an audit, RBI has asked MobiKwik to retain an external auditor to conduct a forensic audit, as RBI isn’t sure of the audit performed by the MobiKwik team. The results of the audit may put the fintech company under great pressure: if it is found guilty of the breach, it will have to face some consequences. According to Reuters, MobiKwik may have to pay a minimum of Rs 500,000 to RBI if it is found to be a part of the data leak.
Yashica is a Software Engineer turned Content Writer who loves to write on social causes and has expertise in writing technical stuff. She loves to watch movies and explore new places. She believes that you need to live once before you die. So, experimenting with her life and career choices, she is trying to live her life to the fullest.