Claims of data breach being investigated: MobiKwik CEO

Our Bureau Updated - December 06, 2021 at 07:26 AM.

Third party to be roped in to conduct a forensic data security audit

Signage for digital payment service MobiKwik, operated by One MobiKwik Systems Pvt., is displayed at a stall selling snacks in Bengaluru, India, on Saturday, Feb. 4, 2017. A relative laggard in digital transactions, India has more recently seen 50 percent year-on-year growth, according to a study by Google and Boston Consulting Group. The pace may accelerate with demonetization giving digital wallets like Paytm, MobiKwik and Freecharge an extra push. Photographer: Dhiraj Singh/Bloomberg Signage for digital payment service MobiKwik, operated by One MobiKwik Systems Pvt., is displayed at a stall selling snacks in Bengaluru, India, on Saturday, Feb. 4, 2017. A relative laggard in digital transactions, India has more recently seen 50 percent year-on-year growth, according to a study by Google and Boston Consulting Group. The pace may accelerate with demonetization giving digital wallets like Paytm, MobiKwik and Freecharge an extra push. Photographer: Dhiraj Singh/Bloomberg

 

MobiKwik CEO Bipin Preet Singh on Tuesday said the company is investigating claims of some users that their data was available on the dark web. He said the company would get a third party to conduct a forensic data security audit.

Responding to reports of a massive data breach in MobiKwik’s servers, Singh came out with a detailed statement and said it is possible that any user could have uploaded their information on multiple platforms and it would be incorrect to say it has been accessed from the company or any identified source.

Data of 3.5 m MobiKwik users allegedly hacked
 

“When this matter was reported first last month, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of a breach,” he stressed.

He further said the company is closely working with requisite authorities, and is confident that security protocols to store sensitive data are robust and have not been breached.

“For our users, we reiterate that all your MobiKwik accounts and balances are completely safe,” he said, adding that all financially sensitive data is stored in encrypted form in the company’s database.

According to independent cybersecurity researchers, personal details of 3.5 million MobiKwik users seem to have been leaked and is available for sale on the dark web.

The breach was flagged by French cybersecurity researcher, Elliot Alderson, on March 29, but prior to that was raised by Internet security researcher, Rajshekhar Rajaharia, in early March.

In his statement, Singh stressed that MobiKwik has robust internal policies and information security protocols and is subject to stringent compliance measures, including annual security audits.

In a bid to assure users, he said no misuse of credit cards, debit cards and wallet details is possible without a one-time password, which is received on the registered mobile phone only. He also urged users not to open any dark web or anonymous links.

Founded in 2009, MobiKwik’s payments network is one of the largest in India with more than 120 million users, three million merchants, and over 300 billers.

Published on March 30, 2021 11:32
Tags
Related Articles