Mobile payment firm MobiKwik denies claims of data leak of 3.5 million users on dark web

MobiKwik, which is preparing to list on stock exchanges this year, said while it is investigating this, it is entirely possible that any user could have uploaded her/his data on multiple platforms

Published: 30th March 2021 07:36 PM  |   Last Updated: 30th March 2021 07:36 PM   |  A+A-

Image courtesy Twitter @MobiKwik

Express News Service

BENGALURU: Mobile payment firm MobiKwik denied accusations of a data leak of its 3.5 million users after complaints surfaced on Twitter by security experts and others that their sensitive information including credit card details, Aadhaar card numbers, phone numbers and KYC details were accessible on the dark web.

MobiKwik CEO Bipin Preet Singh clarified on Tuesday that in response to the accusations, the company will get a third party to conduct a forensic data security audit.
“For our users, we reiterate that all your MobiKwik accounts and balances are completely safe. All financially sensitive data is stored in encrypted form in our databases. No misuse of your wallet balance, credit card or debit card is possible without the one-time-password (OTP) that only comes to your mobile number. We strongly recommend that you do not try to open any darkweb/anonymous links as they could jeopardize your own cyber safety,” Singh said in a statement.

A month ago, an internet researcher, Rajshekhar Rajhari, put out a tweet alleging that 11 crore Indian card holders’s data was stolen by hackers who had access to MobiKwik’s server since December 2020. He added that the hackers are trying to sell the data on the dark web for over 1.5 bitcoins amounting to  more than Rs 50 lakhs.

Besides Rajaharia, a French cyber security specialist, Robert Baptiste, who tweets with the handle Elliot Anderson termed MobiKwik’s data breach as the biggest KYC leak in the history.

Many MobiKwik users also claimed to have seen their credit card details, phone numbers/email addresses online by clicking on a link which had gone viral.

Kiran Jonalagadda, co-founder of HasGeek, said that the MobiKwik leak is real. “Here is what the dump had for me. One of those credit cards was valid until a couple weeks ago, and I don't recall authorising MobiKwik to save it. Companies that lie ought to be taken to the cleaners,” he tweeted.

MobiKwik, which is preparing to list on stock exchanges this year, said while the company is investigating this, it is entirely possible that any user could have uploaded her/his information on multiple platforms. “Hence, it is incorrect to suggest that the data available on the dark web has been accessed from MobiKwik or any identified source,” it added.



Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp