New Delhi: Digital wallet and payments company MobiKwik has denied claims of a massive user data leak that has allegedly exposed the sensitive data of millions of its users.
Cybersecurity researchers have claimed that a database containing KYC details of nearly 3.5 million MobiKwik users is available for sale on the Dark Web.
ALSO READ | 10 WhatsApp Mistakes You Need To Stop Right Away
Independent cybersecurity researcher Rajshekhar Rajaharia had tweeted in February that data of "11 Crore Indian Cardholder Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump".
"Hacker claiming that he was having access in company's server since Jan 2021 to till today," he added in the tweet thread.
Restoking the controversy, French researcher who goes by pseudonym Elliot Alderson on Monday shared these claims in a tweet (removed by Twitter) where he wrote, "Probably the largest KYC data leak in history".
Meanwhile, MobiKwik has vehemently denied the security breach.
CEO Bipin Preet Singh shared a statement on Twitter where he contended that "it is entirely possible that any user could have uploaded her/his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified sources".
He has assured the users that MobiKwik accounts and balances are completely safe after revealing that the company plans to bring a third party to conduct a forensic data security audit.
"The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company," Mobikwik had tweeted earlier in March in defence against the allegations.
According to researchers, the entire database is available on the Dark Web for 1.5 Bitcoin (nearly $84,000).
"Eliot Alderson" again retweeted a tweet thread by Kiran Jonnalagadda where allegations of Mobikwik saving card details without permission, storing details of apps on a user's phone, location coordinates etc. have been levelled.
The digital payments company is mired in this controversy while it reportedly plans to launch an initial public offering (IPO) around September this year to raise $200-250 million. How the matter unfolds remains to be seen.