Mobikwik data breach - personal data of 3.5 million users up for sale on dark web


deezcnuts

Active Member
Disciple

8.2 TB Of MobiKwik User Data Allegedly Hacked, Company Denies Breach

The data that’s on offer includes a total of 350 gigabytes of MySQL dumps that include 500 databases. It also consists of 99 million mail, phone passwords, addresses and data surrounding installed apps, IP addresses, GPS locations etc.
www.indiatimes.com www.indiatimes.com

Mobikwik data leak: Personal data of 3.5 million users up for sale on dark web; company denies claims

Mobikwik data leak: Reports suggest that personal data of 3.5 million Mobikwik users in India up for sale on dark web; company denies claims.
www.bgr.in www.bgr.in


Onion link- http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion/

I checked my details, matches what I had in my mobikwik profile. Checked for my friend, he confirmed the card details are correct.

Edit: password is hashed and card details partially blanked. I am assuming the leaker has them in full clear text, just removed them for public viewing.
 

JMP

Well-Known Member
Adept
Were you able to access the onion link?
The link never worked for me.
 

deezcnuts

Active Member
Disciple
Yes, but it works intermittently. Failed to connect to backed errors. I tried after a few minutes. Try a new node or refresh your tor connection.

Apparently, the breach happened on 4th March. Lots of people confirming data leak is real.
https://twitter.com/i/web/status/1367489330902675463

Edit- Onion link seems to be down now.
 
Last edited:

mk76

Well-Known Member
Adept

Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web

Payment app Mobiwik came under the scanner on Monday after a security researcher claimed that the data of 3.5 million users were put up for sale on dark web.
www.indiatoday.in www.indiatoday.in


Earlier they had denied. But several users are responding to this tweet.
https://twitter.com/i/web/status/1367489330902675463


Onion link for those who want to try
http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion/
Click to expand...
 

vishal_k

Active Member
Disciple
Onion link is working fine and its a very serious issue. govt is encouraging digitization but not at all serious for making law for data protection.
 

deezcnuts

Active Member
Disciple
Yup, unless there is a law to mandate good data security practices and severe fines for breaches, the companies have no incentive to actually care and spend money on data security.
 

iPwnz

Brutally Honest
Veteran
Looks like they are preparing a press release because they haven't said anything.
 

kalph09

Member
Disciple
Again, Not surprised at all. The key weakness with most mobile app/service startups is not investing enough in information security. They spend a lot on marketing and this is the price they pay.
 

JMP

Well-Known Member
Adept
I was able to access the site via tor this time, but the search feature is now disabled.
 

MrRobot

Member
Recruit
Bunch of bafoons, they should be penalized for this. Pancard, aadhar cards, photos, address, credit card numbers (masked) everything is available.

This is a criminal offence.
 

iPwnz

Brutally Honest
Veteran
Omg they are still in denial lol.
Speechless.
 

Goodfella

Member
Disciple
Other payment services and other services in general that collect such sensitive user information should learn from this and strengthen their security.
 

goDofWar_skr

Well-Known Member
Adept
Glad not to have done any KYC with them. Although had added a few credit card details into it.
Always got that shady vibe when using the app.
 
You must log in or register to reply here.