Last week saw a kerfuffle of unparalleled proportions in the Indian startup ecosystem. On one hand, there were claims that India had experienced its largest data breach. Records and private information of a mind-boggling 100 million users leaked from a fintech startup. On the other hand, MobiKwik*, the company in question, denied that any such breach ever happened.
MobiKwik co-founder and CEO Bipin Preet Singh claimed that the data was likely to have been lost by users on other platforms. The company even went as far as to paint the researcher who flagged the issue, Rajshekhar Rajaharia, as “media-crazed” and having ulterior motives.
So what exactly happened, and more importantly, what does this mean for both MobiKwik and its users? Before we get into that, here’s a quick primer on the situation so far.
On 24 February, a hacker called
ninja_storm
Raid Forums
Thread SELLING BIG DATA LEAK
Read more
When others demanded proof that the database dump was indeed genuine, the hacker sent three files on 25 February.
The first file was a database schema (structure of database) of saved cards, which contained partially masked credit card numbers (showing the first six and last six digits), card IDs, and other details.
The second file was a list of all databases and tables. This list pointed to a rich store of information, ranging from complete user details such as passwords (stored in a hashed manner), addresses, payment and transaction history, balance details, GPS locations, lending information, bank limits, device names, and card data of providers such as American Express.
Credits
Written by Sumanth Raghavendra, Anand Venkatanarayanan
Share this article with your network
Send the article link to friends or colleagues who might find this story interesting or insightful.
Send the article link to friends or colleagues who might find this story interesting or insightful.