RBI examines MobiKwik 100M data breach
Leading mobile wallet and BNPL platform MobiKwik is still under examination for a data breach that took place earlier this year, according to an RTI filed by Srinivas Kodali, a cybersecurity researcher. The RBI stated that the forensic report filed by the company is still being reviewed by the institution ahead of its recent IPO approval.
The data breach in question allegedly happened earlier this year and involved the data of over 100 million users. It is said to have impacted both users of the platform and merchants who acquired loans from it.
The 8.2 TB of data listed the personal details of about 110 million users, including phone numbers, email IDs, IP addresses, GPS locations, credit card numbers, and expiry dates. The database was put up for sale on the dark web for the price of 1.5 bitcoin ($85 thousand).
In response to the situation, MobiKwik co-founder and CEO Bipin Preet Singh stated that the company cannot be blamed for the data breach and that it was possible that users had provided this information to multiple platforms, thus leading to the leak.
In its IPO filings, the company claimed that it had had a third-party forensic audit conducted and stated, “the forensic audit expert subsequently reported that based on the analysis of logs/ data provided to them, there was no unauthorised access from outside of our company’s infrastructure or internally to the database server wherein customer data is stored, during the review period.”
This report has been submitted to the RBI, which has yet to corroborate its findings.