A massive data leak has been uncovered by security researchers early this week. This time, it is MobiKwik, an online payment app that made headlines for the worst. Yes, according to the researchers KYC data of 100 million users of MobiKwik has been leaked and put on sale on the dark web. Let’s see more details about the historical data leak and see how to check if your data is leaked in MobiKwik data leak.
What Is A Data Leak?
The common threats or problems of today’s data security are data leak, data breach, and data theft. It’s been seen that all three terms often used interchangeably. All three are not considered as same, just because they are associated with data security. They are all different from each other. Let’s see each of them one after another.
- Data Breach: We say there is a data breach when a successful attack is able to secure sensitive information. This requires a successful cyber attack to secure sensitive data.
- Data Theft: Data theft is nothing but exfiltration. When an unauthorised user accesses the data and takes it allegedly without the owner’s permission for any means. This is considered a cyber attack.
- Data Leak: Data leak is not limited to the unauthorized transfer of the data either electronically or physically but also publishing it on public platforms for sale. Most of the data leaks were published on the dark web. This won’t be necessarily a cyber attack. Data leak could happen because of accidental and misconfiguration reasons as well.
Common Vectors Of Data Leak:
Data leak could occur via web, email, storage drives, flash drives, optical drives, direct connections of digital devices like smartphone and laptops. But it can also occur in non electronic forms like taking print or note of the sensitive data, and even verbal transmission of data is also considered as data leak. In some cases, data leak could be due to accidental exposer and misconfigurations.
MobiKwik is India’s largest issuer-independent digital financial services platform, leveraging a sophisticated product and merchant acquisition capabilities. MobiKwik is founded in 2009 that provides a mobile phone based payment system and digital wallet.
What Security Researchers Revealed About The Mobikwik Data Leak?
Many security researchers started revealing the data leak of MobiKwik users in Feb 2021. According to the security researchers, the data of 100 million users were leaked and made available on the dark web for sale. It’s been said that the MobiKwik data leak is the largest KYC leak of history. In this data leak, around 8 TB of data has been leaked which includes, names, address, mobile number, email ID, GPS location, mobile device information, PAN number, Aadhar information, credit card information and bank account details.
First, it was reported by a security researcher Rajashekhar Rajaharia on Feb 26 2021. He also reported this to the Reserve Bank of India, the Indian computer emergency response team, PCI Standards, and payment technology firms. According to him, the data was put on sale on the dark web in January 2021.
In support of this, Prolific security researcher, Robert Baptiste confirmed the leak on 29th March 2021. Following that Alderson said this could be the “largest KYC leak in the history”.
A hacker group, Jordan daven emailed the link of the database to PTI on 20 Jan 20201 and said “they do not have any intention of using the data except to get money from the company and delete it from their end”.
Avinash Jain, an independent researcher said, “The attacker got hold of their cloud infrastructure and was able to access the data stores where this information was stored.”
How To Check Your Data Is Leaked? What You Should Do If You Find Your Data Has Got Leaked?
As the data is published on the dark web, you can’t use a normal web browser and search engines to access the data. A special browser called Tor is needed to access the dark web. Tor network and the dark web are separate topics of discussion. We have published dedicated posts on those topics. Please go ahead and read them if interested. Follow the instruction to check if your data is leaked in Mobikwik data leak.
- Download Tor browser and install on your PC. Installation process is quite straight and simple.
- Open this onion site in the Tor browser: Link
- This is the database of the MobiKiwk leaked on the dark web. Search your name or email ID in the list. If nothing shown up you are safe.
- If you see something, contact your bank, block your cards, change your PIN, reset your net banking password, at last change your email ID if possible.
Thanks, for reading this article. We recommend to visit thesecmaster.com to read more such articles.