Timeline of Orphan/Unclaimed data of 10 Crore Indian Card Holder Including KYC

Rajshekhar Rajaharia
4 min readApr 2, 2021

--

10 Crore Indian Cardholder’s Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked

24th Feb 2021 10:16 AM (Unknown TimeZone) - DarkWeb Forum

25th Feb 2021 10:10 AM (IST) — Discord Group By Hacker

Jordandaven — The Hacker who leaked data
Hacker — Unknown member of this group (might be a buyer)

Sample Data shared in this group Seems to be MobiKwik (25th Feb 1:20 PM IST)

25th Feb 2021 1:34 PM IST — I alerted Mobikwik Founder

25th Feb 2021 Around 2:30 PM — Hacker Posted He lost access to main company servers.

No responce till today.

26th Feb 2021 9:06 PM — Posted on twitter that there is a massive data leak

27th 2021 12:39 AM IST — After my tweet CERT-IN asked complete details

1st March 2021 1:39 PM IST — I also found and reported a BUG to mobikwik

1st March 2021 5:48 PM IST — Mobikwik denied in just 4 Hour.

(In Just 4 hour they Denied me and later Fixed/Deleted infected API to remove evidence)

1st March 2021 6:13 PM IST— My reply to MobiKwik

(Later on 4th March I informed about this issue to CERT-IN also)

4th March 2021 12:21 PM IST — Hacker again shared a new Sample

I immediately informed Mobikwik and Cyber Police Station too

Still No Responce from Mobikwik

4th March 2021 5:07 PM IST — I again alerted CERT-in about this new Sample including above

CERT-IN Registered complaint immidiately

4th March 2021 8:27 PM IST — Mobikwik posted on Twitter that they will take strict legal action (without name)

5th March 2021 5:20 AM — Linked Deleted my Post related to Massive Data Leak (There was no company name)

5th March 1:39 PM IST — Also informed to RBI, Government, CERT-IN, PCI and Concerned Departments (Mailed them complete details till 5th march)

9th March 2021 — Twitter Locked My account and Deleted my tweet

12th March 2021 6:45 PM IST — Got a mail from Twitter (Mobikwik complaint to twitter)

27th March 2021 09:31 AM — Hacker Posted Complete Mobikwik Data on Darkweb and Created a Search Engine of 10 Crore Indian Card Holders Data

31st March 2021 3:56 PM IST — Twitter Again Deleted my Tweet and Locked my account for 12 Hour

Mobikkwik never replied to me till today.

--

--

Rajshekhar Rajaharia
Rajshekhar Rajaharia

Written by Rajshekhar Rajaharia

I am a Entrepreneur, Security Researcher & Growth Hacker. https://www.rajaharia.com/

Responses (1)