MobiKwik denies claims that KYC data of 3.5 mn users leaked on web

Mobile payments company MobiKwik on Tuesday denied accusations that data of its 3.5 million users have been leaked on the dark web.

Published: 31st March 2021 09:42 AM  |   Last Updated: 31st March 2021 09:42 AM   |  A+A-

Image courtesy Twitter @MobiKwik

Express News Service

BENGALURU:  Mobile payments company MobiKwik on Tuesday denied accusations that data of its 3.5 million users have been leaked on the dark web. The denial comes after alerts and complaints surfaced on Twitter from security experts and users that their sensitive information including credit card details, Aadhar card numbers, phone numbers and KYC details were accessible on the dark web. MobiKwik CEO Bipin Preet Singh responded on Tuesday that the company will get a third party to conduct a forensic data security audit.   

“For our users, we reiterate that all your MobiKwik accounts and balances are completely safe. All financially sensitive data is stored in encrypted form in our databases. No misuse of your wallet balance, credit card or debit card is possible without the one-time-password (OTP) that only comes to your mobile number. We strongly recommend that you do not try to open any darkweb/anonymous links as they could jeopardize your own cyber safety,” Singh said in a statement.  

MobiKwik, which has been preparing to list on stock exchanges this year, also said that while the company is investigating this, it was entirely possible that any user could have uploaded her/his information on multiple platforms. “Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source,” it added.

A month ago, an internet researcher Rajshekhar Rajhari had put out a tweet alleging that 11 crore Indian card holders’ data had been stolen by hackers who had access to MobiKwik’s server since December 2020. He had added that these hackers were trying to sell the data on the dark web for over 1.5 bitcoins amounting to  more than Rs 50 lakh. 

Besides Rajaharia, a French cyber security specialist, Robert Baptiste, who tweets with the handle Elliot Anderson, termed the MobiKwik’s data breach as the biggest KYC leak in history. Many MobiKwik users also claimed on social media that they have seen their credit card details, phone numbers/email addresses available online via a viral link. 

Kiran Jonnalagadda, co-founder of HasGeek, for instance, tweeted that the MobiKwik leak was real: “Here is what the dump had for me. One of those credit cards was valid until a couple weeks ago, and I don’t recall authorising MobiKwik to save it”. 


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp