A new development has surfaced in the recent Mobikwik information leak fiasco. In an apparent act of goodwill, the attackers claimed to have deleted all the data they had access to and two backups of their servers.
The providers of the alleged Mobikwik data leak have cleared all data with a final report on the incident. The abusers point out that Mobinquik is digging deeper, denying the breach and decided to remove the data dump to avoid further controversy; they also add that Mobinquik data is protected and no one can misuse it, except of course Mobinquik for ads or targeted calls.
In what the attackers themselves called the world’s largest KYC data breach, they apparently decided not to sell the data, which was previously available for 1.5 bitcoin.
In the news: Data breach at Mobiquick: So far, the story has
In what appears to be an act of pandora, the attackers claimed to have erased all data from their servers, which consisted of a main database and two backups.
The site had also been modified to host a data dump page where users had to log in and verify their information to access the attacker’s message.
Screenshot of updated website of alleged Mobikwik Onion data dump
The lost database was approximately 8.2 terabytes in size and contained 36,099,759 files, representing approximately 3.5 million people, including 99,224,559 phone numbers, emails, hashed passwords, addresses, bank details and numerous other sensitive user data.
For those who were concerned that their information had been leaked from the Onion site, the attackers released some statistics about the base. It looks like there were about 60,000 pageviews with about 240,000 API bot calls and about 200,000 non-API bot calls.
Of the 33 million .jpg files the attackers had access to, only about 6,000 were published on the site. In addition, there is a sample file of 100 MB that the attackers believe is in the possession of several people.
MobiKwik began its journey as an online payment platform for consumers in 2009 and has since grown into a high-tech company that owns the Zaakpay payment gateway and offers investment funds and loans, among other things. Like the 22nd. In March, Mobiquick was reportedly considering an IPO in September. The attackers say the company is sinking further and the reports could potentially ruin the company’s IPO.
The next message from the invaders, word for word.
Message no. 1
So, we’ve probably received 100-150 emails/messages about this leak in the last 24 hours. People congratulating us on the hack, people wanting to learn how to hack, people wanting their data to stop appearing on a search portal, lawyers trying to sue the company and, as usual, security researchers and journalists asking for more information. We have replied to most people and blocked all the numbers we received as blocking requests so they do not appear on the portal.
All of India is affected by this leak as it affects 99 million users and 3.5 million users of kyc data. We have had very long and thorough discussions with independent security researchers about the implications of leaking or selling data, and we have decided to remove all data from our site because Mobikwik is incompetent at this point. Unfortunately, they only dig deeper, and we are not as ruthless as all those news reporters whose sole purpose is to destroy the company and report everything without thinking of the consequences, and destroy the company’s IPO.
Only Mobikwik and we have a copy of 8.2 tb of data. (You’ll get more anyway). And up until ten minutes ago, it was all Mobyquick. We have deleted all data and backed up all data on all our servers, as well as a small copy of the data uploaded to the server that housed the infamous Onion site. I removed it myself and there is no error here.
Now all your data is protected with Mobinquik and no one can misuse it, except of course Mobinquik for ads or targeted calls, which everyone does anyway.
We don’t want the company to dig deeper and bury itself.
I think we’ve all learned some valuable life lessons in the last few days. Adios.
Onion site statistics if you are concerned that someone has accessed your onion site data.
The total number of page views is 60,000 and the number of non bot api views is 240,000 and the number of bot api views is 200,000. The images on the website are 6k .jpeg files of 33m, while all the files in the data are 36m. So all the secondary markets advertising mobikwik data on Telegram and such – take it with a grain of salt.
These are all approximate figures, as we only collected them after we had eliminated all of them. Otherwise, there’s a ~100 mb sample file with a handful of people. Nothing like 8tb. So don’t worry about it.
By the way, we also get a lot of requests to hack Chinese companies. Lol. We don’t have the resources for new hacks at the moment. But we’re dropping everything we’ve already hacked into Chinese companies just because you asked. It’s probably unnecessary for most people. We’ll see.
Message no. 2
We’re getting replies that we’ve accepted the ransom.
That was our original idea. Later, people wanted GDPR-like rules in India, so we changed our stance by following the footsteps of the onion. Not anymore. (I should also say that this fiasco has allowed our other transactions to achieve their goals more quickly). So we didn’t accept a buyout in that transaction either.
In the news: Apple is rolling out a security update for iOS 14.4.2, iOS 12.5.2 and watchOS 7.3.3.
The one who writes/cuts/films/owns all the technology, and when he’s not around, switches to virtual machine races. You can contact Yadullah at [email protected], or follow him on Instagram or Twitter.