Friday, April 23, 2021

MobiKwik issues statement denying allegations of data breach, subtly blames users for the leak: Details

MobiKwik claimed the breach did not happen at their end and the users might have uploaded the leaked details on multiple platforms.

After MobiKwik received widespread criticism over the alleged breach that leaked the data of over 3.5 million users, the company has again denied the allegation. In its statement, MobiKwik said that it is a ‘Truly Indian Payments App’ that is currently being used by 100 Million Indians and built by 350 Indians. MobiKwik claimed that it takes data security very seriously and “is fully compliant with applicable data security laws.”

MobiKwik details the data security measures it takes

In the statement, MobiKwik said that it has robust internal policies and information security protocols. It follows stringent compliance measures under its PCI-DSS, CISA, and ISO 27001:2013 certifications. “These include annual security audits and quarterly penetration tests to ensure the security of its platform. Under ISO 29147 Responsible Vulnerability Disclosure Program, it has a long-running Bugs Bounty program, where ethical hackers report security issues which are immediately fixed,” they added. 

The indirect blame on users

In the statement, what everyone found bizarre was the fact that MobiKwik tried to blame the users. It said some users have reported that their data is visible on the dark web. Though they are investigating the matter, “it is entirely possible that any user could have uploaded her/ his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the dark web has been accessed from MobiKwik or any identified source.”

Netizens did not take the blame lightly and criticized MobiKwik further for its stand. Sunny Nehra, Admin at Hacks And Security, said, “So in short you meant to say the users are responsible for this data leak and not MobiKwik. Well, the #mobikwik account creation date of users match with that in leaked data. The name convention of files, other info (like phnumber@ nocash. MobiKwik. com) all is coincidental.”

While talking to OpIndia about the leak and the statement issued by MobiKwik, Nehra said Indian companies should start accepting the mistake rather than blaming their users, directly or indirectly.

“The intimidation can work once or twice, but in the long run, it will hurt the company itself,” he said. Nehra said MobiKwik is a perfect case study to learn how not to handle data breaches or acknowledgment of breaches. “Denied the breach even after evidence, threatened the security researchers who brought it to light and blaming the users or victims whose data got leaked,” he added.

S Vaibhav asked if MobiKwik is blaming its users to save itself from the breach.

Several other users showed their amazement over the blame-shifting by MobiKwik.

MobiKwik will get a third party forensic data security audit

In its statement, MobiKwik further added that though it could not find any data breach when the issue was first reported, keeping the seriousness of the allegations in mind, it will get a third party to conduct a forensic data security audit. “Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit,” they said.

‘The accounts and balances are safe’ claimed MobiKwik

Claiming that the company is committed to a safe and secure Digital India, MobiKwik said that all the accounts and balances on the platform are entirely safe. “All financially sensitive data is stored in encrypted form in our databases. No misuse of your wallet balance, credit card or debit card is possible without the one-time-password (OTP) that only comes to your mobile number,” they added while urging people not to open anonymous or dark web links as they could jeopardize users’ cyber safety.

If the breach happened, MobiKwik should come out clean

As the company has mentioned, it is planning to get a third-party audit, which can be seen as a welcome step. However, the current stand and recent statement by the MobiKwik officials are adding more doubt to the minds of already panicked customers. When we are talking about millions of users, such a data breach cannot be taken lightly. MobiKwik should have got the third-party audit when the breach was first reported.

In our previous report, we mentioned that reports suggest the hackers have claimed that they are in contact with the company, and the sale was on hold for the time being. Instead of throwing the users under the bus, MobiKwik could have skipped the blame-shifting and ended the statement by mentioning that it is getting a third-party audit.
