Monday, December 23, 2024
HomeNews ReportsMobiKwik issues statement denying allegations of data breach, subtly blames users for the leak:...

MobiKwik issues statement denying allegations of data breach, subtly blames users for the leak: Details

MobiKwik claimed the breach did not happen at their end and the users might have uploaded the leaked details on multiple platforms.

After MobiKwik received widespread criticism over the alleged breach that caused data leak of over 3.5 million users, the company has again denied the allegation. In its statement, MobiKwik said that it is a ‘Truly Indian Payments App’ that is currently being used by 100 Million Indians and built by 350 Indians. MobiKwik claimed that it takes data security very seriously and “is fully compliant with applicable data security laws.”

MobiKwik detailed out data security measures it takes

In the statement, MobiKwik said that it has robust internal policies and information security protocols. It follows stringent compliance measures under its PCI-DSS, CISA, and ISO 27001:2013 certifications. “These include annual security audits and quarterly penetration tests to ensure the security of its platform. Under ISO 29147 Responsible Vulnerability Disclosure Program, it has a long-running Bugs Bounty program, where ethical hackers report security issues which are immediately fixed,” they added. 

The indirect blame on users

In the statement, what everyone found bizarre was the fact that MobiKwik tried to blame the users. It said some users have reported that their data is visible on the dark web. Though they are investigating the matter, “it is entirely possible that any user could have uploaded her/ his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the dark web has been accessed from MobiKwik or any identified source.”

Netizens did not take the blame lightly criticized MobiKwik further for its stand. Sunny Nehra, Admin at Hacks And Security, said, “So in short you meant to say the users are responsible for this data leak and not MobiKwik. Well, the #mobikwik account creation date of users match with that in leaked data. The name convention of files, other info (like phnumber@ nocash. MobiKwik. com) all is coincidental.”

While talking to OpIndia about the leak and the statement issued by MobiKwik, Nehra said Indian companies should start accepting the mistake rather than blaming their users, directly or indirectly.

“The intimidation can work once or twice, but in the long run, it will hurt the company itself,” he said. Nehra said MobiKwik is a perfect case study to learn how not to handle data breaches or acknowledgment of breaches. “Denied the breach even after evidence, threatened the security researchers who brought it to light and blaming the users or victims whose data got leaked,” he added.

S Vaibhav asked If MobiKwik is blaming its users to save themselves from the breach?

Several other users showed their amazement over the blame-shifting by MobiKwik.

MobiKwik will get a third party forensic data security audit

In its statement, MobiKwik further added though they could not find any data breach when the issue was first reported, keeping the seriousness of the allegations in mind, they will get a third party to conduct a forensic data security audit. “Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit,” they said.

‘The accounts and balances are safe’ claimed MobiKwik

Claiming that the company is committed to a safe and secure Digital India, MobiKwik said that all the accounts and balances on the platform are entirely safe. “All financially sensitive data is stored in encrypted form in our databases. No misuse of your wallet balance, credit card or debit card is possible without the one-time-password (OTP) that only comes to your mobile number,” they added while urging people not to open anonymous or dark web links as they could jeopardize users’ cyber safety.

If the breach happened, MobiKwik should come out clean

As the company has mentioned, it is planning to get a third-party audit, which can be seen as a welcoming step. However, the current stand and recent statement by the MobiKwik officials are adding more doubt to the minds of already panicked customers. When we are talking about millions of users, such a data breach cannot be taken lightly. MobiKwik should have got the third party audit at the time when it was reported the first time.

In our previous report, we mentioned that reports suggest the hackers have claimed that they are in contact with the company, and the sale was on hold for the time. Instead of throwing the users under the bus, MobiKwik could have skipped blame-shifting and end the statement to mention that they are getting a third-party audit.

Join OpIndia's official WhatsApp channel

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Searched termsMobikwik data breach
Anurag
Anuraghttps://lekhakanurag.com
B.Sc. Multimedia, a journalist by profession.

Related Articles

Trending now

- Advertisement -