Mobikwik Data Breach - The Biggest KYC Data Leak

Nishant · Mar 29, 2021

Source

Onion link if anyone wants to check. Takes time and multiple tries to load.

http://mobikwikoonux37wauz6oqymshuvebj5u763rutlogc2fb2o3ugcazid.onion/

manu1991 · Mar 29, 2021

Keeps showing failed to connect to backend to me.

FFS, if they were in the US or EU, the fine alone would bankrupt them.

Sushubh · Mar 29, 2021

my gps coordinates.
one of my bank accounts.
one of my credit cards
my current mobile number.
are there.

and apparently they also have kyc data which means my pan card or voter id card photos because i didn't have aadhaar when i did my mobikwik kyc.

so everything is great.

manu1991 · Mar 29, 2021

What does this mean? Do they have my CVV etc or not? Card number is valid. I replaced with XXX

"card_number": "XXXXX******XXXX",
"holder_name": "manu1991",
"other_card_details": [
"expirymonth",
"expiryyear",
"cvv2"

Navjot Singh · Mar 29, 2021

It is possible that those details are available but the site owner has hidden them.

manu1991 · Mar 29, 2021

So they were storing CVV numbers as well? I thought no one stores CVV details. FFS. Will need to get all of them reissued

Sushubh · Mar 30, 2021

Blocked the card with info in that database.

shashankb · Mar 30, 2021

Haven't they heard of security audits. ?

Navjot Singh · Mar 30, 2021

What security audits? It's a lot easy to deny and move on. They know, the government won't take any action. And given the attitude, forget anything will happen. lol

Source

The attitude of the co-founder.

The company has of course denied any breach.

Source

This is an old tweet because this breach was first reported in late February.

shashankb · Mar 30, 2021

Can someone verify if CVV is also stored ?
Donno when Paytm will get jacked ....
Also being connected with bank accounts and knowing how much money each has , They will write a script which filters out with Balance Rs>X rupees . Shortlisted and scams will start.

All lessons to learn . Separate Saving/Salary/Main account from expenditure account is the least we can do

Sushubh · Mar 30, 2021

Heh

Source

Aakash Malhotra · Mar 30, 2021

How do I open that link to check my details? I downloaded tor browser and trying to open that link but its not working

Navjot Singh · Mar 30, 2021

It takes some time. The site is under heavy load. Even if you open it, you might need to search a couple of times.

Sushubh · Mar 30, 2021

tor browsers users do not contribute to tor network right? you have to run a dedicated tor node software or something?

i imagine the dump is also on torrents by now. might be easier to get it from there for local searches. searches on popular sites for mobikwik does not give any result so probably not.

Have I Been Pwned? would probably add it in the coming hours. But it does not show entire data. Just confirm that your data was breached if your email id was part of the hack.

Aakash Malhotra · Mar 30, 2021

assuming all the data like - kyc, mobile, card details has been leaked, what should be the corrective measures on the customers end?

Mobikwik Data Breach - The Biggest KYC Data Leak

Nishant

manu1991

Ancient Philospher

Sushubh

Admin

manu1991

Ancient Philospher

Navjot Singh

Admin

manu1991

Ancient Philospher

Sushubh

Admin

shashankb

Navjot Singh

Admin

shashankb

Sushubh

Admin

Aakash Malhotra

Navjot Singh

Admin

Sushubh

Admin

Aakash Malhotra

Similar threads