Personal details of 11 crore Mobikwik users were up for sale on the dark web, according to independent security researcher Rajshekhar Rajaharia.

The self-proclaimed security researcher initially disclosed the data breach in February 2021, saying that 6TB of KYC data and a 350GB compressed MySQL dump were up for sale on the dark web. According to multiple reports, the data was on sale for 1.5 bitcoin (approx. USD 86,000).

Sharing details of the data breach in a series of tweets, the researcher said that users' personal data, including Aadhaar card details, e-mail IDs, phone numbers, bank account details, GPS locations, etc., was allegedly leaked from Mobikwik's server in India.

Again!! 11 Crore Indian Cardholder's Cards Data Including personal details & KYC soft copy(PAN, Aadhar etc) allegedly leaked from a company's Server in India. 6 TB KYC Data and 350GB compressed mysql dump.@RBI @IndianCERT #InfoSec #dataprotection #Finance pic.twitter.com/yjc7davH3k — Rajshekhar Rajaharia (@rajaharia) February 26, 2021

In a tweet on Tuesday, Rajaharia shared a screenshot of his March 1st conversation with Mobikwik, adding that he had also reported a bug, which the fintech company initially denied and then addressed within the next hour.

My 1st March conversation With #Mobikwik after this serious data breach. I also reported a bug. They denied it too and removed that Bug in the next 1 hour. They saved their 1000 rupee bounty by denying it.#InfoSec #DataLeak #GDPR @sanjg2k1 @fs0c131y @troyhunt pic.twitter.com/pP0VRU0vqC — Rajshekhar Rajaharia (@rajaharia) March 30, 2021

Earlier this month, Mobikwik denied the claims made by Rajaharia. On March 4, the company tweeted, "A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention. We thoroughly investigated his allegations and did not find any security lapses."

"Our user and company data is completely safe and secure. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company," the company further added.