Leading Indian Fintech Platform MobiKwik Denies Data Breach


Indian digital financial services platform MobiKwik denies claims that almost 8 TB of data put up for sale was stolen from its servers.

This privately held fintech platform provides financial services and a phone-based payment gateway to more than 120 million users.

MobiKwik says that approximately 3 million merchants and over 300 billers are currently using its services.

Personal and financial info of millions up for sale

Security researcher Rajshekhar Rajaharia discovered a threat actor attempting to sell what he claimed to be a database of sensitive info stolen from MobiKwik after having access to the company’s servers since January 2021.

After Rajaharia revealed his findings on Twitter last month, MobiKwik denied having been affected by this massive data breach, saying that Rajaharia wants to “grab media attention.”

The company also said that “user and company data is completely safe and secure” since an investigation “did not find any security lapses.”

MobiKwik added that its “legal team will be pursuing strict action against this so-called researcher who is trying to malign our brand reputation for ulterior motives.”


The data allegedly stolen from MobiKwik contains personal and financial information (addresses, phone numbers, emails, and hashed passwords) of almost 100 million individuals, and bank accounts and card details of around 40 million.

The database being sold online also includes the KYC (Know Your Customer) data of roughly 3.5 million Indians.


The threat actor who put the allegedly stolen data up for sale also created a search portal to allow anyone to check if their data is included in the stolen data.

The search field has since been removed because of the large amount of traffic and so that a captcha can be added to block bots trying to scrape the data.


MobiKwik denies breach again, points finger at customers

Today, the company doubled down on its previous statement, denying again that the data breach ever happened and saying that customers who found their data exposed on the dark web might have uploaded the data themselves.

“Some users have reported that their data is visible on the darkweb,” MobiKwik said in a statement published today.

“While we are investigating this, it is entirely possible that any user could have uploaded her/ his information on multiple platforms.

“Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source.”

MobiKwik says that external security experts found no evidence of a data breach following a thorough investigation since the breach was reported by Rajaharia last month.

Security audit planned 

The fintech platform will also hire third-party experts for a security audit, although its services have most likely not been breached.

“The company is closely working with requisite authorities, and is confident that security protocols to store sensitive data are robust and have not been breached,” MobiKwik said.

“Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit.”

MobiKwik also reassured customers that their accounts are safe and that their financial information is stored in encrypted form.


Over ten years ago, MobiKwik suffered a breach after attackers gained access to some of its servers and sent emails offering to sell confidential info belonging to MobiKwik users.
