Hackers have leaked data such as mobile phone numbers, bank account details, emails and credit card numbers of 9.9 crore Indians, allegedly Mobikwik users, a claim the digital payments company has strongly denied.
The data leak was disclosed by cyber security analyst Rajashekhar Rajaharia, who has also written to the Reserve Bank of India, the Indian Computer Emergency Response Team, PCI Standards, payment technology firms and others.
A hacker group by the name of Jordandaven emailed a link to the database to PTI and said that they do not have any intention of using the data except to get money from the company and delete it from their end.
Jordandaven shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.
When contacted, Mobikwik denied the claim.
The company's spokesperson said that as a regulated entity, it takes data security very seriously and is fully compliant with applicable data security laws.
"The company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which include annual security audits and quarterly penetration tests to ensure security of its platform. As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach," the Mobikwik spokesperson said.
The hackers maintained that the database belongs to Mobikwik and uploaded several pictures of Mobikwik QR codes along with documents used for 'Know Your Customer' compliance, mainly Aadhaar and PAN cards.
Mobikwik said that it is working closely with the requisite authorities on this matter and, considering the seriousness of the allegations, will get a third party to conduct a forensic data security audit.
"For its users, the company reiterates that all MobiKwik accounts and balances are completely safe," the company spokesperson said.
Rajaharia said that government authorities should thoroughly investigate the data leak immediately as it has wider ramifications that can potentially lead to several financial frauds.
"Full 16-digit card numbers might be unmasked because their encryption algorithm is public now. This massive data breach might be a threat for other banks and wallets because these days each and every data set is connected to each other," Rajaharia said.
He said that everyone should immediately change the passwords of their bank accounts, credit cards, etc. to keep their money safe.