Mobikwik, an Indian digital payment wallet, has become the victim of the largest data breach of 2021. In this recent data leak, the personal data of 11 crore Mobikwik customers was found on sale on the dark web. The personal data contains the customers' KYC details, including names, phone numbers, email addresses, passwords, and GPS locations. Hacker Jordan Daven took this 8TB of data directly from Mobikwik’s main server.
What Mobikwik is Saying
Although various independent researchers reported the discovery of a leaked dump, the company is denying any sort of data leak. Mobikwik's authorities went one step further by calling the researchers who made the breach public “media-crazed”. They also accused the researchers of presenting “concocted files” as evidence. A spokesperson from Mobikwik said, “We thoroughly investigated and did not find any security lapses. Our user and company data is completely safe and secure.” Such unreliable reactions have landed the fintech company in further trouble.
What the Cyber Security Community is Saying
Initially, security researchers Technadu and Rajshekhar Rajaharia pointed out the nature and details of the alleged breach one month ago. After that, several independent researchers, such as French security researcher Robert Baptiste, also known as ‘Elliot Alderson’, verified the breach. Avinash Jain, another security researcher, confirmed that the leak was real. He added that it contained customer data from as recently as January. According to Mr. Jain, users' private data can be accessed in plain text because it was stored insecurely on the company's infrastructure.
How to Prevent a Data Breach
There is a general assumption that a data breach happens because of a technocrat hacker. This is not always true. Data breaches may also happen due to the negligence of companies and individuals. Even a minor overlooked flaw, error, or vulnerability can lead to a data breach. It is therefore necessary to understand that even the smallest vulnerability can cause a massive data breach. A few of the best practices for avoiding a data breach in your company are listed here:
- Regularly updating and patching the software your company uses to the latest version available.
- Limiting access to your most valuable data. Only a few handpicked personnel who require access to such delicate data should have it.
- Using high-grade encryption for all sensitive data.
- Conducting training on cybersecurity awareness for all employees. Such education may help the companies in avoiding socially engineered attacks.
- Enforcing BYOD security policies like requiring all devices to use a business-grade VPN service and antivirus protection.
- Developing a cyber breach response plan because a breach can occur at any time.
- Promoting better user cybersecurity practices by encouraging strong credentials and multi-factor authentication. Similarly, companies can foster the use of password managers among users.
The Mobikwik data breach yet again serves as an unpleasant reminder that we are not taking the security of data seriously. Over the past few years, the number of data breaches has been increasing. That’s why startups and companies must take the security of their users more seriously. Not only companies and organizations but also individuals should be aware of how to protect personal data. Only then can we guarantee safety and privacy on the internet. To wrap up, we must acknowledge that “Prevention is the Best Protection.”