Data is often deemed as the currency of the 21st century (at least if you have seen the Social Dilemma) and hackers are the new age pirates. Thus, the need for data security is the most pertinent topic for tech companies, and when there’s a lapse, there’s usually a lot of criticism. This was the case for Indian fintech start-up MobiKwik, an online payments platform, which has recently been facing a lot of trouble after several independent researchers claimed that the data of over 100 million (10 crore) users had been leaked on to the Dark Web.
The (allegedly) leaked data includes several personal and confidential user details such as email ids, addresses, GPS locations, passwords, phone numbers etc. and totals up to about eight terabytes of data. Additionally, some loan-related financial details of merchants have also been found on the Dark Web.
The leak, which was first reported by an Indian researcher, Rajshekhar Rajaharia and later confirmed by French expert Robert Baptiste (often known as Elliot Alderson), was reported in early March. According to the researchers, a hacker named Jordan Daven had hacked the server, leaked the information on the dark web, and put it up for sale. Rajahria said, “Regular keys and passwords should have been changed, and logs should have been monitored to prevent this kind of security compromise.
On the other hand, the company denies any such leak.
“Some users have reported that their data is visible on the dark web. While we are investigating this, it is entirely possible that any user could have uploaded her/ his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the dark web has been accessed from MobiKwik or any identified source,” said the company’s statement.
A note to our users. pic.twitter.com/J3WRM0Ko8v
— Bipin Preet Singh (@BipinSingh) March 30, 2021
Moreover, MobiKwik claims to have conducted thorough research and has not found proof of any such leak.
This comes at the worst time for MobiKwik, as it has reportedly been planning for an IPO. The company is planning to go public by the end of this year, and now, as users continue to target the company, it has ordered a forensic audit regarding the matter. A third party will conduct this research.