Security News > 2021 > April > MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed
Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month.
As of July 2020, MobiKwik serves 120 million users and 3 million retailers across the country.
Multiple users have confirmed to the contrary, finding their personal details in the "MobiKwik India data leak" site, lending credence to the breach.
Interestingly, it appears that after Rajaharia disclosed the leak, outed the company's identity, and warned MobiKwik over email, the firm simultaneously took measures to stop the hacker from downloading the data.
"We never wanted any money anyway, so not sad. But one of the biggest hacks of KYC ever shit!!! OR SO WE THOUGHT. :( So, I guess I grow old saying I used to hack and shit. Rather than actually hacking and shit. Exciting 1 month though!!!," the hacker said, implying that the breach dated back to January, echoing Rajaharia's tweets from March 4.
A month later, in a separate listing on March 27, the hacker claimed, "We recovered all data and it's up for sale," offering up what is alleged to be 8TB of their data for 1.5 bitcoins ($85,684.