Cyber security researchers have claimed that a database containing KYC details of nearly 3.5 million users of MobiKwik, a leading digital wallet and payments company, is up for sale on the Dark Web, IANS reported.
MobiKwik, which reportedly planning an initial public offering (IPO) around September this year to raise $200-250 million, on Monday denied claims that sensitive data of millions of its users has been leaked.
Cyber security researcher Rajshekhar Rajaharia and French researcher Elliot Alderson have revealed that the breach includes 8.2TB data containing users’ phone numbers, emails, hashed passwords, addresses, bank accounts and card details.
Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media, MobiKwik said in a media statement.
“We investigated and did not find any security lapses. Our user and company data is completely safe and secure,” MobiKwik said.
Alderson had tweeted: “Probably the largest KYC data leak in history.”
Rajaharia had claimed that 11 crore Indian cardholder’s cards’ data including personal details and KYC soft copy (PAN, Aadhaar etc) allegedly leaked from the company’s server in India.
The entire database is available for 1.5 Bitcoin (nearly $84,000) on the Dark Web, according to the researchers.
MobiKwik last week raised $7.2 million in a funding round prior to the listing on the stock exchange, according to regulatory filings with the Ministry of Corporate Affairs.
MobiKwik, which was founded in 2009 by Bipin Preet Singh and Upasana Taku, has raised $110 million in funding from investors. MobiKwik has 120 million users, 3 million merchants, and 300+ billers. MobiKwik has pre-approved 15 million users for its digital credit card aka buy now pay pater “BNPL” product Zip since 2018.