The Reserve Bank of India (RBI) has ordered a third-party forensic audit into the allegations that over 8.2 terabytes worth of sensitive user data was compromised from MobiKwik's servers over the last few months. The Press Trust of India was the first to report the development that the RBI has ordered an immediate forensic audit of the company's systems by a CERT-IN empanelled auditor and submit the report without any delay. The initial reports that user data from MobiKwik had been accessed by a hacker first came about towards the end of February this year, however it went under the radar. That is until this week, when a website created by the hacker to showcase the authenticity of the hack appeared on the darkweb. The website lets user check if their data, stored by MobiKwik, was leaked as part of the data dump. The database has since been pulled down from the website. Leaked database contains 8.2 TB worth of data 36 million files containing KYC information belonging t0 3.5 million people Around 7.5 TB worth of KYC data pertaining to over 3 million merchants on MobiKwik’s network. Includes a total of 350 GB of MySQL dumps that include 500 databases Contains 99 million users’ phone numbers, emails, hashed passwords, addresses, bank accounts and card details Over 40 million card details, up to 10 digits, have also been leaked with month, year and card hash data According to the report, MobiKwik contacted CERT-IN on the issue, which in turn shared…
