Payment app Mobiwik went under the scanner on Monday after a security analyst claimed that the information of 3.5 million users were set available to be purchased on dark web.

HIGHLIGHTS

• A security analyst claimed that the data of 3.5 million Mobiwik users were set available to be purchased on dark web

• The analyst claimed that the sensitive information of 3.5 million users that was put on the dark web for sale includes KYC details, addresses, phone numbers and others.

• Several customers had reportedly spotted their personal details on the dark web link that is being circulated on the internet.

Payment app Mobiwik went under the scanner on Monday after a security analyst claimed that the data of 3.5 million users were set available to be purchased on dark web. The researcher claimed that the sensitive information of 3.5 million users that was put on the dark web, The sale includes KYC details, addresses, phone numbers, Aadhar card data and other details of the users. Several users had reportedly spotted their personal details on the dark web link that is being circulated on the internet.

The data breach was first spotted by security analyst Rajshekhar Rajaharia in February. “11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy (PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump,” he had stated.

The screenshots of the Mobiwik breach were posted on Twitter by another security Analyst who goes by the name Elliot Alderson. He said it is the “largest KYC data leak in the history”.

According to report, the email ids, phone numbers, passwords apps installed, phone manufacturer, IP address, GPS locations, and other details of users were leaked. The report further reveals that the alleged seller has set up a dark web portal “where one can search by phone number or email ID and get the specific results out of a total of 8.2 TB of data.”

The company had denied Rajshekhar’s claimed back in February but on Monday, a link from the dark web was reportedly spotted online. Users had claimed seeing their personal details on the dark web.

Several users also posted screenshots of the Mobiwik users' data that was up for sale on the dark web. According to reports, the data was being sold for 1.5 bitcoin or about $86,000. However, Mobiwik has outrightly denied the claims made by Rajaharia.

A company spokesperson stated, “Some media-crazed so-called security analyst have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.”