Soon after MobiKwik officially denied reports of the “largest KYC data breach” for the second time in a month, the hacker in a post on Raid Forum claimed that he has voluntarily deleted data backups of over 10 crore MobiKwik users. This is a bit surprising as the hacker–who goes by the name “ ninja_storm”– had put up 8.2TB data of MobiKwik users for sale at a price of 1.5 Bitcoin which translates to around Rs 65 lakh just three days back, on March 27, 2021.
While the alleged data breach itself was a public relations nightmare for MobiKwik, what’s concerning here is that the hacker appears to have got access to personal data of 10 crore users of MobiKwik for over a month. According to cyber security researcher Rajshekhar Rajaharia, the hacker got access to the data around January 21, 2021.
This 8.2TB data backup is said to have “email, phone number, passwords, addresses, other apps installed on users’ phone, phone manufacturer’s names, IP addresses, GPS location, etc of 10 crore users. Among the 10 crore users, the data base had bank card details of 4 crore users and merchant KYC data of 30 lakh users. The KYC data included “passports, Aadhaar cards, PAN cards, selfie, store picture proof etc used to get loans on the site,” as per the hacker.