33 C
Wednesday, April 21, 2021
Home Technology A hacker, 10 crore MobiKwik customers, over 1 month: Timeline of the...

A hacker, 10 crore MobiKwik customers, over 1 month: Timeline of the largest KYC data breach – Times of India

Soon after MobiKwik formally denied reviews of the “largest KYC data breach” for the second time in a month, the hacker in a publish on Raid Forum claimed that he has voluntarily deleted data backups of over 10 crore MobiKwik customers. This is bit stunning as the hacker–who goes by the identify “ ninja_storm”– had put up 8.2TB data of MobiKwik customers on the market at a value of 1.5 Bitcoin which interprets to round Rs 65 lakh on March 27, 2021.
While the alleged data breach itself was a public relations nightmare for MobiKwik, what’s regarding right here is that the hacker seems to have entry to private data of 10 crore customers of MobiKwik for over a month. According to cyber safety researcher Rajshekhar Rajaharia, the hacker bought entry to the data round January 21, 2021.
This 8.2TB data backup is alleged to have “email, phone number, passwords, addresses, other apps installed on users’ phone, phone manufacturer’s names, IP addresses, GPS location, etc of 10 crore users. Among the 10 crore users, the data base had bank card details of 4 crore users and merchant KYC data of 30 lakh users. The KYC data included “passports, Aadhaar cards, PAN cards, selfie, store picture proof etc used to get loans on the site,” as per the hacker.
Also learn: MobiKwik denies data breach at the same time as customers share (*1*)s price noting right here is that the data the hacker had in possession on March 27, 2021 was not sufficient to entry MobiKwik accounts. The identical was additionally identified by different “interested parties” terming the leak as “useless”. This is principally as a result of customers have to confirm OTPs (delivered by way of SMS) for logins and transactions on MobiKwik. So, regardless of having all consumer data, the hacker couldn’t have stolen cash from consumer’s accounts even when he needed to.

March 29, 2021: Several customers questioned MobiKwik on Twitter about the data breach after discovering their particulars on an Onion portal hyperlink. A form of search engine round the database was created on Onion which allowed folks to search out private particulars of MobiKwik customers by looking out with e mail ID. Once they bought a match, some customers claimed that the data was correct and certainly sourced from MobiKwik. Few of these customers shared screenshots of leaked private particulars and posted on Twitter.

March 29, 2021: Hacker claims that he has deleted particulars of some customers from the database after getting deletion requests from folks. He additionally provided to delete all data provided that MobiKwik accepted the data breach publicly. “Tweet mobikwik and if they will agree publicly then i’ll take all site down. They are lying for weeks,” he posted on the Raid Forum.

March 30, 2021, 5:13AM: Hacker claims that he hasn’t bought the leaked data. News of the MobiKwik data breach seems on nearly all main information websites.

March 30, 3:30PM: MobiKwik releases one other assertion denying the breach. The firm didn’t settle for that “the data available on the darkweb has been accessed from MobiKwik or any identified source.” It additional added, “…considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit.”

March 30, 6:35PM: Hacker posts one other message on Raid Forum claiming that he has deleted all data. “I’ve done this deletion myself and no foul play here. Now all of your data is secure with Mobikwik and no one can misuse it except of course Mobikwik for targeted ads or call which everyone does anyway. We just don’t want to see a company dig themselves deeper and bury themselves in. Guess we all learned some useful life lessons during this past couple of days. Adios,” he mentioned in a protracted publish.


Without revealing the precise cause for giving up on his data, the hacker claims that he doesn’t need to harm the firm forward of its itemizing. MobiKwik is concentrating on an IPO earlier than September 2021 and expects to boost between $200 million and $250 million.
March 30, 7:28PM: Hacker claims that he hasn’t taken any cash for deleting data voluntarily in a separate publish.

What’s subsequent:
The leaked database had private particulars of 10 crore customers and the hacker had put a asking value of round Rs 65 lakh or 1.5 Bitcoin. The maths roughly interprets to six paise per consumer. With Mobikwik denying the breach, we solely have the hacker’s phrase right here that the data has been truly deleted. Also, we’ve little choice however to consider the hacker that he hasn’t bought the data to another social gathering already. Having mentioned that the leaked data is already claimed to be floating round Telegram teams.
While the data is probably not of use in direct monetary frauds, it may be used for impersonation, bullying, focused spam and phishing makes an attempt and different sorts of on-line crimes.

Source link

Most Popular