A massive database has appeared for sale on a popular hacker forum, containing highly sensitive details of millions of Indian users of MobiKwik. MobiKwik is a Gurugram-based company offering a mobile phone-based payment system and a digital wallet, enabling users to perform transactions right from the mobile app. From 2016 onward, MobiKwik also offered small loans to its users, so KYC requirements had to be put in place. This means that the firm was holding PII, ID documents, scanned passports and Aadhar cards, and a lot more.
Independent researcher Rajshekhar Rajaharia identified the new database and informed us about it, so we have investigated, and we can confirm that the data appears to be valid. The seller has set up a dark web portal where one can search by phone number or email ID and get the specific results out of a total of 8.2 TB of data.
Sample of leaked KYC documents belonging to MobiKwik customers
At the set price of 1.5 BTC ($84k), a buyer can get the whole data set and have the dark web portal taken offline, keeping everything exclusive. The seller lists the following as included in the pack:
Total 350GB MySQL dumps – > 500 database
99 million – mail, phones, passwords, addresses, lots more information, applications installed, ph manf., IP address, GPS area
40 million – 10 digit card, month, year, card hash (sha256)
lots of database with all company information.
~7.5 TB of ~3 million Merchant KYC data – passports, Aadhar cards, pan cards, selfie, store picture proof, etc., used to get loans on the site
The seller claims that each of the merchant entries in the database can be used to raise $500-$1,000 loans in Indian currency, so the investment of the 1.5 BTC could supposedly yield up to three billion USD. Allegedly, a partner has tried to raise a couple of loans as proof of concept, and it worked out as expected.
To avoid paying the full price, someone has set up a script to try and scrape the entire 99 million entries from the Tor site, which obviously is a desperate effort. Still, it goes to show that there’s some interest in this data, even if many question its real value against the price tag. The situation is quite bad for the exposed users as anyone can search them specifically, and some are already scraping parts of the database.
At the time of writing, MobiKwik has yet to acknowledge any data breach that resulted in this massive exposure, and the company hasn't made any relevant announcements on the official site or its social media channels. We have asked for a comment, and we will update this piece as soon as we hear back from them.
MobiKwik denies that the data we have seen online belongs to them, and goes as far as accusing the researchers of having ulterior motives in making these claims. However, they have not clarified why the seller is also claiming the source is MobiKwik, or why the samples that we've seen on the Tor site contain images of MobiKwik QR codes. The story is still developing; we will update you when we get any additional information on the leak.