According to Moneycontrol, a database containing the private details of 3.5 million users has appeared for sale on the dark web following a breach at payments startup Mobikwik.
TechNadu was the first to report on the portal’s appearance and details about the breach, citing the work of independent researcher Rajshekhar Rajaharia. This afternoon, French ethical hacker and security researcher Robert Baptiste, also known as Elliot Alderson, tweeted about the suspected data breach.
According to sources, the data compromised includes 36,099,759 files totaling 8.2 terabytes. According to TechNadu, this is for sale for 1.5 bitcoins (or $84,000). The data uploader has vowed to take the dark web offline after that, keeping it private for the buyer.
You might also like: Clubhouse for android turns out to be a trojan: Reports
Moneycontrol notes that the data contains user email addresses, phone numbers, hashed passwords, as well as bank account and card information. According to TechNadu, the following documents are available on the dark web:
1) Total 350GB MySQL dumps – > 500 databases
2) 99 million – mail, phone, passwords, addresses, lots more data, apps installed, phone manufacturer, IP address, GPS location.
3) 40 million – 10 digit card, month, year, card hash (sha256).
“A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention,” MobiKwik tweeted. “We thoroughly investigated his allegations and did not find any security lapses. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company.”