Major MobiKwik Hack
PowerKee’s Bastion of Privacy #18
The struggles around data protection recently received another blow as Indian payment processor and wallet provider MobiKwik was allegedly hacked. Although the company has denied this allegation, more evidence of the hack is being brought to light through multiple reports.
Customer data in the wrong hands is dangerous. Hackers can sell stolen data on the dark web where multiple buyers can access them for nefarious reasons.
In the latest Bastion of Privacy, we highlight the details of the MobiKwik hack. We consider the importance of robust data security measures and how netizens can better secure their data and finances.
PowerKee has also been making phenomenal progress on our network and wallet development. We have carefully considered the wallet design to ensure that the user experience is extremely intuitive.
The wallet will be released within the first two weeks of April. The below screenshots share a preview of how the dashboard will be presented and some of the introductory and setup displays. PowerKee makes privacy easy. Having a seamless user experience is an integral part of fulfilling this promise.
Stolen Data Selling For 1.5 BTC
8.2 TB of sensitive data of MobiKwik users was recently advertised in a popular hacker forum. The data consisted of ID scans, passports, selfies, emails, phones, addresses, passwords, and other critical information.
The seller put up a price of 1.5 BTC for buyers interested in the entire package. The 1.5 BTC price tag included the following.
- Total 350GB MySQL dumps (500 databases)
- Over 99 million data points for mail, phone, passwords, addresses, apps installed, IP address, and GPS location
- Over 40 million data points for 10 digit card number, month/year, card SHA256 hash
- Databases with company data
- ~7.5 TB of data which includes ~3 million of Merchant KYC information that stored passports, Aadhar cards, pan cards, and selfies.
The consequences of this hack could have a long-running effect on every party involved, especially the customers whose data was stolen. Already there has been a claim of successful impersonation by one of the data thieves who has used some of the stolen information to procure a couple of loans as a proof of concept.
MobiKwik has denied this report that the hack occurred, describing it as a presentation of concocted files. The company insists that its user and company data are completely safe and secure.
Regardless of whether the hack happened, this development will cost MobiKwik significant money and time. MobiKwik users have entered panic mode.
The uncertainty has caused many to seek to delete their account or to create customer support tickets. The customer support tickets alone will impose an enormous cost on MobiKwik.
Third-party platforms also become exposed as they may provide their service to an entity that is using stolen details. For instance, the hackers claimed that they successfully secured loans using the stolen details.
Cases like these are causing solutions over the internet to go the extra mile in the search for cyber protection. Many platforms are adopting the implementation of multiple security measures at the same time.
Total System Overhaul Is Needed
A survey by Acronis, a global leader in cyber protection revealed that investments in multiple security systems by organizations did not solve their security problems. According to the survey, 80% of companies ran as many as 10 solutions simultaneously for data protection and cybersecurity needs. However, more than half of the organizations surveyed experienced security breaches during the period under investigation.
The case of MobiKwik and the report by Acronis both suggest that global cybersecurity systems need to be completely restructured. The popular data protection and cybersecurity implementations are becoming obsolete and may not be able to withstand the dynamic attacks of hackers.
PowerKee is one alternative that netizens can consider for protecting their financial data. In MobiKwik, sensitive data was stored on a central server, making it vulnerable and attractive to attack. In PowerKee, data is stored in a heavily-encrypted decentralized network, making it extremely costly to attack. Even if attackers successfully breach PowerKee, the collected data will be unreadable without the key to decrypt the data.
PowerKee is a cryptocurrency network that makes privacy easy. Users can transact cheaply and instantly while maintaining anonymity. The PowerKee protocol uses a mixture of zero-knowledge proofs and coin mixing to provide strong privacy assurances to its users.