MobiKwik suffers a massive security breach, compromising private data of 3.5 million users.

According to Moneycontrol, a database containing the private details of 3.5 million users has appeared for sale on the dark web following a breach at payments startup Mobikwik.


Also read: Apple is expanding its independent repair program to almost every country where Apple sells its products

TechNadu was the first to report on the portal’s appearance and details about the breach, citing the work of independent researcher Rajshekhar Rajaharia. This afternoon, French ethical hacker and security researcher Robert Baptiste, also known as Elliot Alderson, tweeted about the suspected data breach.


You might also like: Beware! a new Android malware posing as ‘System Update’ can steal all your personal data


According to sources, the data compromised includes 36,099,759 files totaling 8.2 terabytes. According to TechNadu, this is for sale for 1.5 bitcoins (or $84,000). The data uploader has vowed to take the dark web offline after that, keeping it private for the buyer.


You might also like: Clubhouse for android turns out to be a trojan: Reports


Moneycontrol notes that the data contains user email addresses, phone numbers, hashed passwords, as well as bank account and card information. According to TechNadu, the following documents are available on the dark web:

1) Total 350GB MySQL dumps – > 500 databases

2) 99 million – mail, phone, passwords, addresses, lots more data, apps installed, phone manufacturer, IP address, GPS location.

3) 40 million – 10 digit card, month, year, card hash (sha256).


You might also: 18 year old Twitter hacker pleads guilty. Sentenced for 3 years in prison


“A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention,” MobiKwik tweeted. “We thoroughly investigated his allegations and did not find any security lapses. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company.”