Data breach exposes over 8 TB of MobiKwik data; the company keeps denying the incident

A recent report reveals the detection of a massive data breach on the servers of MobiKwik, an Indian-based company founded in 2009 and offering a payment system based on smartphones and digital wallets. According to the report, this incident would have resulted in the exposure of up to 8.2 TB of confidential records on dark web.

The incident was initially reported by cybersecurity specialist Elliot Anderson via his Twitter account.

The screenshots posted by Anderson appear to come from a dark web forum and include multiple personal data such as phone numbers or email addresses, and those responsible for the leak ensure that they have access to highly detailed profiles of MobiKwik users.

While there are no additional confirmations, this incident was also noted by Rajshekhar Rajaharia, one of the most prestigious cybersecurity researchers in India, who even claims that the database was detected in early March 2021.

About the hackers responsible for this incident, the researcher mentions that his intention is to sell the database for 1.5 Bitcoin, equivalent to about $85,000 USD at the current exchange rate. Sellers claim that this information will be sold only to one customer, which can be highly appealing to other malicious hacking groups.

The committed information consists of a total of 350 gigabytes of MySQL dumps including 500 databases, as well as including nearly 99 million various records such as emails, phone passwords, addresses and data related to installed applications, IP addresses, location details, among others.

Cybercriminals also offer access to nearly 40 million credit cards, including their respective expiration and hashing dates; finally, hackers sell a set of 7.5 TB with over three million confidential details.

Through a statement, MobiKwik denies such an incident: “Some alleged security researchers looking to get the community’s attention have decided to present some fake files arguing that our systems have been compromised; we have thoroughly investigated and found no fault, so we can claim that the data of our staff and customers is completely safe.”

Many have been surprised by this announcement, as just a few days ago MobiKwik announced the process of launching its initial public offering, which could have raised the price of this company’s shares to unsuspected levels, even going over $1 billion USD.