April 01, 2021
It’s leaking, again!
To: either/view subscribers
Good morning. What is common between BigBasket, Juspay, LimeRoad and Zee5? Well, all these companies were alleged to be victims of data breaches in the past. Although the data leaks were widely reported in the media, all these companies had either officially denied that the leaks happened or refused to divulge the extent of the leaks.
📰 FEATURE STORY
Story behind the alleged MobiKwik data breach
The Internet Freedom Foundation (IFF) has written a letter to the Computer Emergency Response Team (CERT-IN) to initiate an inquiry into the alleged massive data breach from MobiKwik’s servers and the conduct of the company and its executives in the aftermath of the exposé. CERT-IN is the nodal agency that deals with cybersecurity threats in India.
The internet is abuzz with allegations that close to 100 million user records have been leaked online after MobiKwik was allegedly hacked. The hacker claimed to have access to 8.2 terabytes of MobiKwik user data, which included phone numbers, email addresses, encrypted password hashes, transaction details and partial credit/debit card numbers. The data was put on sale for an asking price of 1.5 Bitcoins (approximately ₹65 lakh as on March 31, 2021) on the dark web (although recent reports suggest that the data has been destroyed by the hacker). Despite evidence from independent cyber security researchers and users, MobiKwik stated that claims of a data breach were incorrect.
It must also be noted that MobiKwik is planning to go for an IPO this year. The alleged data breach could affect its plans for a successful listing.
Allegations by cyber security researchers:
On February 26, 2021, a cyber security researcher named Rajshekhar Rajaharia wrote on Twitter that personal details including KYC data containing PAN, Aadhaar as well as cardholders’ card details of 11 crore Indians have been allegedly leaked from an Indian company’s server.
On March 4, 2021, Rajshekhar tweeted again alleging that a hacker had claimed that the massive data leak occurred from MobiKwik’s server.
The issue was brushed aside by the company until other security experts like Alon Gal (Co-Founder & CTO of Israeli security firm Hudson Rock) tweeted about the breach.
Some reports alleged that MobiKwik had reached out to an Amazon representative apparently after coming to know that their cloud storage data (S3) was downloaded by some unknown person not belonging to the organization.
On March 4, 2021, MobiKwik wrote on Twitter that the allegations of data breach were investigated, and no security lapses were found as alleged by “a media-crazed so-called security researcher” (seemingly referring to Rajshekhar Rajaharia). The company also stated that it would be taking legal action against the researcher for trying to malign their brand reputation.
After other cyber security experts and users confirmed that the data breach had occurred through MobiKwik’s servers, the company issued a long statement reaffirming its stance that the allegations were incorrect. The company seems to have put the onus on its users for the data breach.
“Some users have reported that their data is visible on the darkweb. While we are investigating this, it is entirely possible that any user could have uploaded her/ his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source,” the statement read.
It further stated that external security experts had helped in its investigation and they did not find any evidence of a breach of sensitive data. It also noted that the company would get a third party to conduct a forensic data security audit considering the serious nature of the allegations.
“For our users, we reiterate that all your MobiKwik accounts and balances are completely safe. All financially sensitive data is stored in encrypted form in our databases. No misuse of your wallet balance, credit card or debit card is possible without the one-time-password (OTP) that only comes to your mobile number. We strongly recommend that you do not try to open any darkweb/anonymous links as they could jeopardize your own cyber safety,” the statement concluded.
🕵️ BEYOND ECHO CHAMBERS
For the Right:
- India’s foreign policy strategy is increasingly resembling that of China.
For the Left:
- Modi in Bangladesh, Jaishankar in Dushanbe show India’s neighborhood swagger is back.
🗳️ ELECTION WATCH
(126 constituencies – 3-phase polls)
- Polling for the second phase of assembly elections in the state will take place today. A total of 345 candidates will be vying for victory in 39 constituencies.
(140 constituencies – 1-phase poll)
- Alleging discrepancies in the voters’ list for the upcoming assembly elections, the Leader of Opposition Ramesh Chennithala released a list of 4.34 lakh bogus voters. He said the list is available at the website operationtwins.com.
(234 constituencies – 1-phase poll)
- Arappor Iyakkam, a non-governmental organization (NGO), has released a mobile app named ‘Arappor Iyakkam – Empowering Citizens’ on both Android and iOS platforms. The app has a ‘Know your candidate’ section that provides details regarding each candidate, including assets, income and criminal cases (if any). The data is sorted constituency-wise for ease of use.
(294 constituencies – 8-phase polls)
- The second phase of polling for the upcoming elections will take place today. 191 candidates are in the fray for 30 constituencies. The high-profile Nandigram constituency will also be going to the polls today where Chief Minister Mamata Banerjee is competing against her former party member and current BJP candidate Suvendu Adhikari.
🏴 STATE OF THE STATES
House not in order (Karnataka) – Rural Development and Panchayati Raj (RDPR) Minister KS Eshwarappa has submitted a formal complaint against Chief Minister BS Yediyurappa to Governor Vajubhai Vala, accusing the CM of making allocations worth ₹774 crore from his department bypassing him. The Minister stated that the CM was administering in an “authoritative way”. He also accused the CM of violating “established practices and procedures relating to the affairs of the state”. The letter of complaint was also marked to Prime Minister Narendra Modi, Home Minister Amit Shah and BJP National President JP Nadda.
Free ride (Punjab) – The state cabinet has approved free travel for women in Punjab’s government buses. Women can now travel for free in buses of Punjab Roadways Transport Corporation (PRTC), Punjab Roadways and city bus services run by local bodies. However, women cannot travel for free in government-run air-conditioned, Volvo and HVAC (heating, ventilation and air conditioning) buses.
Virus attack (Gujarat) – To date, 191 people have been affected by COVID-19 at the Indian Institute of Management, Ahmedabad (IIM A). While 137 people have recovered, 54 are currently in quarantine. 86 students, 4 faculty members and 41 staff members were among those who had tested positive for the virus.
🔢 KEY NUMBER
140 – Rank of India in World Economic Forum’s Global Gender Gap Report 2021. The country has slid 28 places from its previous rank of 112 in 2020. According to WEF, “The Global Gender Gap Index benchmarks the evolution of gender-based gaps among four key dimensions (Economic Participation and Opportunity, Educational Attainment, Health and Survival, and Political Empowerment) and tracks progress towards closing these gaps over time.”