/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

MobiKwik calls in external auditors to investigate alleged data breach

Having initially dismissed reports of the leak of 100 million customer files on the dark web, Indian payments processor MobiKwick has brought in external investigators to conduct a forensic data security audit.

  0 1 comment

MobiKwik calls in external auditors to investigate alleged data breach

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The alleged leak was first exposed early last month by Indian security researcher Rajshekhar Rajaharia

His posting received a ferocious response from MobiKwik, accusing him of concocting the data and threatening legal action, a reaction which led one commentator to accuse the firm of going 'all Iraqi general' on the reports A month on and MobiKwik admits that "some users have reported that their data is visible on the darkweb".

The firm says it undertoook an internal investigation when reports of the hack first surfaced but found no evidence of a breach of its systems.

In a statement on the latest developments Mobikwik says: "The company is closely working with requisite authorities, and is confident that security protocols to store sensitive data are robust and have not been breached. Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit."

The firm believes that stolen data from users may have been accessed from other third party sites: "It is entirely possible that any user could have uploaded her/ his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source."

Sponsored [Webinar] PREDICT 2025: The Future of AI in the US

Related Company

Comments: (1)

Hitesh Thakkar

Hitesh Thakkar Technology Evangelist (Financial Technology) at SME - Fintech startups (APAC and Africa)

Hope the Processor comes up with reasons for data breaches after investigation from 3rd party auditors. 

Regulator in India still have not lost control from PSPs, Banks so hope out come will not be bias.  

[On-Demand Webinar] Solving the KYC challenge with end-to-end processesFinextra Promoted[On-Demand Webinar] Solving the KYC challenge with end-to-end processes