Digital wallet and payments company MobiKwik, reportedly planning an initial public offering (IPO) around September this year to raise $200-250 million, on Monday denied claims that sensitive data of millions of its users has been leaked.
Independent cyber security researchers have claimed that a database containing KYC details of nearly 3.5 million users of MobiKwik is up for sale on the Dark Web.
First tweeted by independent cyber security researcher Rajshekhar Rajaharia and then by French researcher Elliot Alderson on Monday, the alleged breach includes 8.2TB data containing users’ phone numbers, emails, hashed passwords, addresses, bank accounts and card details.
MobiKwik, however, vehemently denied any such breach.
“Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organisation as well as members of the media,” the company said in a statement shared with IANS.
“We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure,” the company added.
Alderson had tweeted: “Probably the largest KYC data leak in history.”
Rajaharia had claimed earlier that “11 crore Indian cardholder’s cards’ data including personal details and KYC soft copy (PAN, Aadhaar etc) allegedly leaked from the company’s server in India”.
According to the researchers, the entire database is available for 1.5 Bitcoin (nearly $84,000) on the Dark Web.
The reports surfaced as MobiKwik last week raised $7.2 million in a funding round prior to the listing on the stock exchange, according to regulatory filings with the Ministry of Corporate Affairs.
According to Entrackr, Mobikwik’s post-money valuation currently stands at $493 million with the latest funding round.