Mobikwik Claims All Accounts Safe, Security 'Robust', to Conduct External Security Audit

Mobikwik has toned down its sharp response to claims of what has been reported as the biggest data breach of its kind. After shooting back at independent cyber security researcher Rajshekhar Rajaharia in its initial response dated March 4, Mobikwik has now issued a statement after a data dump on the dark web listed almost 11 crore entries of private and potentially sensitive user data, including over 35 lakh KYC documents in an 8.2TB database. Under ISO 29147 Responsible Vulnerability Disclosure Program, it has a long running Bugs Bounty programme.” The statement further denies the allegations of the Mobikwik data breach being, in fact, even originating from Mobikwik’s own servers. Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit.” Mobikwik further addressed its users in its official statement, saying, “All financially sensitive data is stored in encrypted form in our databases. No misuse of your wallet balance, credit card or debit card is possible without the one-time-password that only comes to your mobile number.” The response comes after multiple notable figures from the cyber security community posted about the data breach, with some criticising the company for its lack of compliant responses to a seemingly severe complaint.