MobiKwik’s user data has been compromised and is believed to be accessible to hackers through a special search engine. Gurugram-based digital wallet company denies the data breach. However, independent security researchers say the data – more than 8.2TB – has been on the dark network for some time. Gadgets 360 was first notified of the alleged data breach in February. The group of hackers, who are said to have had access to the data for months, has now made it available through a search engine that offers some of the leaked data items – including names, phone numbers and email addresses of millions of affected users.
Denial of claims for leakage of sensitive data, MobiKwik stated that he had not found evidence of a violation.
“As a regulated entity, the company takes its data security very seriously and is fully compliant with applicable data security laws. The company is subject to strict compliance measures under its PCI-DSS and ISO certifications, which include annual security audits and quarterly intrusion tests to ensure the security of its platform, “a MobiKwik spokesman said in an email.
The spokesman added that the company was working closely “with the necessary authorities” on the matter and would have a third party conduct a judicial audit of the data security, given the seriousness of the allegations.
“For its customers, the company reiterates that all MobiKwik accounts and balances are completely secure,” the spokesman said.
Cybersecurity researcher Rajshehar Rajahariya first informed Gadgets 360 about the data breach on February 25. He said credit and debit card data, names, email addresses and other details for more than 100 million users had leaked into the dark web. The researcher also said that in addition to the details in the text, Customer Knowledge Information (KYC), which includes scanned documents such as a standing account number (PAN) and Aadhar cards, as well as bank statements of more than five crores, have been released from the group of hackers known by the nickname “ninja_storm”.
The researcher had shared several sample files that included a table structure with a reference to MobiKwik Zaakpay’s payment gateway.
Shortly after receiving the details from the researcher, Gadgets 360 contacted MobiKwik co-founders Bipin Preet Singh and Upasana Taku. At that time, the leaders did not provide any clarity about the violation. Email sent to CERT-In also did not receive correspondence.
MobiKwik on March 4 publicly denied his role in the data breaches and called the researcher “crazy in the media” without explicitly naming Rajashekar. The company also claims that the researcher in question presented “fictional files” to “attract media attention.”
However, on Monday, French security researcher Robert Baptist, known as Elliott Alderson, posted details of the alleged data breach on Twitter. It also provided details about the search engine, which was created by a group of hackers in the dark network and included some details about the user.
Several users on social media reported that they were able to find their data from this search engine.
The MobiKwik leak is real. Here’s what the dump was like for me. One of these credit cards was valid until a few weeks ago, and I don’t remember authorizing MobiKwik to keep it. Companies that lie like ???? must be taken to the wipers. https://t.co/sptyC1Jz8f pic.twitter.com/c4Uu25OviP
– Kiran Jonnalagadda (ackjackerhack) March 29, 2021
Some of my data is there. In fact, there is even an exact date for creating my mobikwik account in 2013.
Fortunately, an old expired card is mentioned because I only used mobikwik once.
Some, if not all, user data has leaked to Bipin. https://t.co/6V2KZrY4ra
– Nikhil Pahwa (@nixxin) March 30, 2021
However, Gadgets 360 failed to verify whether the available details were related to the alleged breach of MobiKwik’s data.
Orbital, the Gadgets 360 podcast, has a double count this week: the OnePlus 9 series and Justice League Snyder Cut (starting at 25:32). Orbital is available at Apple Podcasts,, Google Podcasts,, Spotifyand wherever you get your podcasts.