Our Bureau
Mobikwik CEO Bipin Preet Singh, on Tuesday, said that the company is investigating the claims of some users that their data are available on the dark web. He said Mobikwik will get a third party to conduct a forensic data security audit.
Responding to reports of a massive data breach in Mobikwik’s servers, Singh came out with a detailed statement and said it is possible that any user could have uploaded the information on multiple platforms, and it would be incorrect to say it has been accessed from the company or any identified source. “When this matter was reported first last month, the company undertook a through investigation with the help of external security experts and did not find any evidence of a breach,” he stressed.
Security protocols
He further said the company is closely working with requisite authorities, and is confident that security protocols to store sensitive data are robust and have not been breached.
“For our users, we reiterate that all your Mobikwik account and balances are completely safe,” he said, adding that all financially sensitive data are stored in encrypted form in the company’s database.
According to independent cybersecurity researchers, the personal details of 3.5 million MobiKwik users seem to have been leaked and are available for sale on the dark web.
The breach was flagged by French cybersecurity researcher Elliot Alderson on March 29, but prior to that, it was raised by internet security researcher, Rajshekhar Rajaharia, in early March.
In his statement, Singh stressed that Mobikwik has robust internal policies and information security protocols, and is subject to stringent compliance measures, including annual security audits.
In a bid to assure users, he said that no misuse of credit card, debit card and wallet details is possible without a one-time password, which comes only on the registered mobile phone. He also urged them not to open any dark web or anonymous links for they own cyber safety.
Founded in 2009, Mobikwik’s payments network is one of the largest in India with more than 120 million users, three million merchants and over 300 billers. The company is also eyeing an IPO.
Experts’ view
However, experts said that it is only the data of Mobikwik customers that has been impacted in this breach. “I experienced that it was Mobikwik customers whose data have been impacted and not the customers of other companies. The personal data has been leaked and Mobikwik needs to take steps to address it,” said Prasad T, Chief Information Security Officer, Instasafe.
Experts advise that customers must change their passwords and caution that personal data can be used for purposes such as availing online bank loans.
“Globally, in many countries, there are rules that any company, which faces a data breach, must disclose it to the customers. We need to have such a law even in India as often customers are left unaware,” noted another expert.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.