MobiKwik Data Leak: RBI orders MobiKwik to urgently probe alleged data leak – The Economic Times

Clipped from: https://economictimes.indiatimes.com/tech/tech-bytes/rbi-orders-mobikwik-to-urgently-probe-alleged-data-leak/articleshow/81838000.cms

Synopsis

MobiKwik, which is backed by Sequoia Capital and Bajaj Finance, has faced growing criticism this week for denying a data leak many customers and digital rights activists say is linked to the firm’s database.

Mumbai: The Reserve Bank of India (RBI) has ordered digital payments firm MobiKwik to investigate the alleged data leak of nearly 110 million customers, Reuters reported on Thursday.

In the event of “lapses” the company could also face fines, according to the report citing unnamed sources, adding that “RBI was not happy with the company’s initial response”.

ET could not immediately verify whether RBI had taken up the matter with the company.

When contacted, a MobiKwik spokesperson told ET: “We take the privacy and security of our user data very seriously. We are working closely with requisite authorities to conduct an independent forensic audit.”

RBI did not respond to emails seeking comment, as of publishing this story.

The Gurugram-based fintech startup has denied the MobiKwik data leak even as several independent cybersecurity researchers flagged it as the biggest data breach in India’s corporate history about a month ago.

“The RBI has given MobiKwik an ultimatum and ordered them to retain an external auditor to conduct a forensic audit,” the person cited by Reuters said, adding that the central bank could also impose fines if the breach is proven.

In a statement released on Twitter, founder Bipin Preet Singh said that MobiKwik was not to blame for user information being available on the dark web as “users could have uploaded their information on multiple platforms.” Singh also said that an earlier audit of its systems had found no irregularities.

Dark web refers to that area of cyberspace where content cannot be searched using normal search engines because it is encrypted.

The nature and details of the alleged MobiKwik data leak were flagged by security researchers Technadu and Rajshekhar Rajaharia over a month ago.

Earlier, in a statement released on March 4, MobiKwik had accused the researchers that made the breach public of presenting “concocted files” as evidence.

Over 8 terabytes (TB) worth of personal user information such as email IDs, phone numbers, names, addresses, passwords, GPS locations, and data related to users’ mobile devices is believed to have been stolen from MobiKwik’s main server by a hacker named ‘Jordan Daven’ and put on dark-web forums on January 20.

The personal data of merchants that have procured loans through MobiKwik has also reportedly been on sale in exchange for bitcoins. The leak is also believed to contain card numbers and hashes of over 40 million MobiKwik customers.

Founded in 2009 by Singh and Upasana Taku, MobiKwik counts the likes of Sequoia Capital and American Express as investors. The fintech platform is eyeing a public listing in the next financial year.
