
Attackers delete alleged Mobikwik data leak dump


There has been a new development in the latest Mobikwik data breach fiasco. In what seems to be an act of good faith, the attackers claimed to have deleted all data they had accessed, along with two backups from their servers.

Sellers of the alleged Mobikwik data leak dump have deleted all the data with a final message concerning the incident. The attackers point out that Mobikwik is digging “themselves deeper” by denying the breach and have decided to delete the data dump to avoid further controversy; further adding that “the data is secure with Mobikwik and no one can misuse it except of course Mobikwik for targeted ads or call”.

In what the attackers themselves claimed to be the world’s largest KYC data leak, it seems that they have decided against selling the data, which was earlier available for 1.5 bitcoin.

Attackers delete the data with an ‘Adios’

In what seems to be an act of good faith, the attackers have claimed to have deleted all data from their servers, which consisted of one main database and two backups.

The onion site that hosted the data dump page for users to log on and check their information has also been modified to link to the attackers’ message.

Screenshot of the updated alleged Mobikwik data dump Onion website

The alleged leaked database was around 8.2 terabytes in size, containing 36,099,759 files that amount to around 3.5 million people’s KYC details, including 99,224,559 users’ phone numbers, emails, hashed passwords, addresses, bank details and a bunch of other sensitive data.

For those scared that their information would’ve been scraped from the onion site, the attackers posted some stats regarding the base. It seems like there were about 60,000 page views with roughly 240,000 bot API calls and about 200,000 non-bot API calls. 

Out of the 33 million .jpg files that the attackers gained access to, only about 6000 were hosted on the site. Apart from this, there’s a 100MB sample file that, according to the attackers, is in the hands of a couple of people.

MobiKwik began its journey as a consumer-focussed online payments platform in 2009 and has since evolved into a fintech company that owns a payment gateway, Zaakpay, and offers loans and mutual fund investments, among others. According to reports from March 22, Mobikwik is eyeing an IPO in September. The attackers say that the company is “digging themselves more”, and news reports might potentially “destroy the company’s IPO”.


Following is the message from the attackers, verbatim.

Message #1

“So, we have received probably 100-150 mails/messages last 24 hours regarding this leak. People praising us for hacking???, people wanting to learn hacking, people asking to block their details from showing in search portal, to lawyers trying to sue company, and as usual security researchers and news reporters asking for more details. We have replied to most people and blocked all the numbers we got in block requests not to show in portal.

All of India is worried about this leak as it is 99 million users and 3.5 million users kyc details. We have very long and deep conversations with some independent security researchers about the consequences if data is leaked or sold and decided we will delete all data from our end as Mobikwik is incompetent in that regard. Sadly they are just digging themselves more and we are not as ruthless as all those news reporters whose only aim is to destroy the company and report anything without thinking about consequences and to destroy the company’s IPO.

Only Mobikwik company and we have the copy of 8.2 tb data. (They will have more anyway). And as of 10 mins back only mobikwik have it. We deleted all data and 2 backups of all of data from all our servers and small copies of data loaded into server which hosted the infamous onion site. I’ve done this deletion myself and no foul play here.

Now all of your data is secure with Mobikwik and no one can misuse it except of course Mobikwik for targeted ads or call which everyone does anyway.

We just don’t want to see a company dig themselves deeper and bury themselves in.
Guess we all learned some useful life lessons during this past couple of days. Adios.

Stats of onion site if you are afraid that someone scraped your data from onion site.

Total page views 60k and non bot api calls 240k and bot api calls ~200k. Images on site – 6k out of 33m .jpeg files while all files in data are 36m. So, all the secondary markets who advertise mobikwik data on telegram and all – take them with a pinch of salt.

All are rough figures as we didn’t collect these before wiping everything. Apart from this, there’s ~100 mb sample file with handful of people. Nothing compared to 8 tb. So no worries.

BTW we also got lotta requests asking to hack Chinese companies. lol. 😂 We currently don’t have resources to do new hacks. But we will dump whatever we already have hacked on Chinese companies just because you all asked. Probably no use for most people. Let’s see.

Message #2

haha. btw we are getting responses that we accepted ransom.

Originally that was our idea. Later people wanted GDPR type rules in India, so we changed our stance by putting a msg in onion site footer. Now nothing. (Also I should say this fiasco helped our other ventures move faster to goals) So, we didn’t accept any ransom payment too in this deal.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.