Sensitive data belonging to millions of cardholders and users stored on MobiKwik's servers has been compromised and put up for sale online, according to several security researchers. The news of a massive data breach does not portend well for the digital payments company, which is in the midst of preparing itself for an initial public offering during the second half of this year. The data breach was first reported by cyber security researcher Rajshekhar Rajaharia back in February this year. On Monday, French security researcher Robert Baptistse (who goes by the pseudonym Elliot Anderson) said on Twitter that the breach was possibly one of the largest data leaks of Know-Your-Customer (KYC) information in history. Baptistse' tweet has since been pulled down by Twitter for violating its rules. The data dump, around 8.2 terabytes worth, allegedly belongs to users of the payments application and includes their sensitive financial and personal information. It includes: Leaked database contains 8.2 TB worth of data, 36 million files containing KYC information belonging t0 3.5 million people Around 7.5 TB worth of KYC data pertaining to over 3 million merchants on MobiKwik's network. Includes a total of 350 GB of MySQL dumps that include 500 databases Contains 99 million users' phone numbers, emails, hashed passwords, addresses, bank accounts and card details Over 40 million card details, up to 10 digits, have also been leaked with month, year and card hash data Massive data dump on sale According to screenshots of the leak seen by MediaNama, the…
