Hackers have leaked the data such as mobile phone number, bank account details, email, and credit card numbers of 9.9 crore Indians allegedly of Mobikwik users, which the digital payments company has strongly denied. The disclosure about the data leak was made by cybersecurity analyst Rajashekhar Rajaharia who has also written to the Reserve Bank of India, Indian computer emergency response team, PCI Standards, and payment technology firms, etc.
A hacker group by the name of Jordandaven emailed the link of the database to PTI and said that they do not have any intention of using the data except to get money from the company and delete it from their end.
Jordandaven shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.
When contacted, Mobikwik denied the claim.
The company’s spokesperson said that as a regulated entity, it takes data security very seriously and is fully compliant with applicable data security laws.
“The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure the security of its platform. As soon this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach,” the Mobikwik spokesperson said.
Hackers maintained that the database is of Mobikwik and uploaded several pictures of Mobikwik QR code along with documents used for ‘Know Your Customer’ compliance mainly the Aadhaar and PAN card.
A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention.We thoroughly investigated his allegations and did not find any security lapses. 1/n
— MobiKwik (@MobiKwik) March 4, 2021
Mobikwik said that it is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security…