Hack Notice

Hack Notice: In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers

In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers

Source
https://www.databreaches.net/in-threat-actor-offers-to-sell-8-tb-of-mobikwiks-personal-and-financial-data-on-almost-100m-consumers/
Description
MobiKwik is Indias lead fintech platform, operating businesses in consumer payments, financial services and defrayal gateway. The vision of the fellowship is  to build a Digital credit card for 100 Million Indians. Founded in 2009 by Bipin Preet Singh and Upasana Taku, the company has raised $110M in funding from marquee investors. With 60% Indian ownership, MobiKwik is the Truly Indian Payments App. MobiKwiks payments network is one of the largest in india with 120 zillion users, 3 gazillion merchants, and 300+ billers. The company has pre-approved 20 zillion users for its Digital credit card aka buy Now pay Later BNPL product  MobiKwik ZIP, which is available to users for making payments via the MobiKwik notecase and the MobiKwik Blue Amex Card. The companion ventured into the Wealthtech space with the skill of Mumbai-based Clearfunds. The preceding is MobiKwik’s boilerplate for media and press. But right now, they are likely to live getting unwelcome attention after a threat actor has offered up what is alleged to be 8 TB of their data for sale. The listing claims to offer (all spelling and typos as in original listing): 0. total 350GB mysql dumps – >500 dbs 1. 99 million – mail, phno, passwords, addresses, lots more data, apps installed, ph manf., ip address, gps placement 2. 40 gazillion – 10 digit card, month, year, card hash (sha256) 3. lots of dbs with all company data 4. ~7.5 tuberculosis of ~3 jillion merchant KYC data – passports, adahr cards, pan cards, selfie, store icon proof etc used to catch loans on the site – can be used to stir online loans just like USA leaks but in India. Price: 1.5 BTC. Exclusive. All data deleted on our end after transfer. mm of your choice. [Notes: At today’s rates, 1.5 BTC would live USD $83,576.70 or INR 6,084,067.29. “KYC” is “Know Your Customer” and “MM” refers to a middleman service, often recommended to assist prevent scams.]   as noted in the forum posting, the seller offered a try of data as proof. They also offered an onion site portal: Mobikwik india data leak (Biggest KYC data leak ever!) search your phone number or post id (or any string) to find all your data stored in Mobikwik servers This database is 8,2 tuberculosis and contains 36.099.759 files. Nearly 3,5 million people’s KYC details. Along with 99.224.559 users phone numbers, emails, hashed passwords, addresses, bank accounts & card details etc. DataBreaches.net heard from a researcher in India who had entered their have number and found their data. That researcher reported that the data was accurate. DataBreaches.net also contacted a sec researcher and asked them if they could control the accuracy of data in the dump by comparing it to another leaked database involving indian citizenry. using a government database that had leaked, the indorsement researcher pulled a random entry and confirmed that they were able to find the same user with the same info in both databases. The first researcher also provided a redacted screencap of the results of a search on a third individual. In the screencap below, redacted by the first researcher, you can ascertain that MobiKwik appears to be storing GPS location and a heel of apps that the user has installed on their phone. DataBreaches.net reached out to MobiKwik’s press contacts to ask for a statement about the forum carry offering data for sale, and to inquire what they were doing to alert and protect consumers whose data may be compromised. no reaction was received by publication time, although that is not surprising given that it is Sunday night there now. This stake will be updated if and when a reply is received. More Than Just the Usual Risks? Apart from all the usual concerns about misuse of such detailed personal and financial data, the possibility that the data could be misused to secure online loans in india is especially concerning in lightness of new reporting by The New York Times that some Indian lending apps have taken to naming and shaming people who took loans because of the pandemic but then fell behind in their ability to refund the loans. According to NYT: These lenders dont ask citation scores or visits to a bank. But they lodge high costs over a brief period. They also command access to a borrowers phone, siphoning up contacts, photos, text messages, even battery percentage. Then they bombard borrowers and their social circles with pleas, threats and sometimes fake legal documents threatening dire consequences for nonpayment. In conservative, tightly plain communities, such red of honor can be devastating. There have reportedly been at least a few suicides as a result of these high-pressured socially stigmatizing methods. Google has removed about 100 Indian loan apps from its platform, but a MobiKwik breach such as the i beingness claimed by the threat actor has the potential to put many people at risk, especially the 3.5 trillion multitude for whom there is reportedly KYC data now compromised.

About HackNotice and In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers their products, services, websites, or applications and you were a client of HackNotice, monitoring for In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers you may have been alerted to this report about In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If In: Threat actor offers to sell 8 TB of MobiKwiks personal and financial data on almost 100M consumers had a breach of consumer data or a data leak, then there may live additional actions that our clients should submit to protect their digital identity. data breaches, hacks, and leaks often top to and reason identity theft, account submit overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, password reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer information through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice workings to monitor for hacks that trail to depress client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice workings with clients to describe the extent that digital identities get been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account take overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry specific knowledge and advanced security practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share cut notices with their friend, family, and collogues to help increase sentience around alleged hacks, breaches, or data leaks. HackNotice workings to provide clients with sharable reports to help increase the surety of our clients personal network. The certificate of the people that our clients interact with directly impacts the level of certificate of our clients. Increased photograph to accounts that hold been taken over by hackers leads to further account take overs through phishing, malware, and other attach techniques.

If you found this hack note to live helpful, then you may be interested in reading some additional cut notices such as:

h is not completely open but is not appropriately or formally accredited for security at the approveEU have imposed mandatory medical data transgress notifications. Reportable breaches of medical informaty for the offending party to effort to mitigate indemnity by providing to the victim's subscription t

EROWA LTD

Mikro Trading

Steel Art Signs Corp.