India is witnessing one of the most significant data breaches in history. Users, security researchers and news organisations have reported that data of 10 crore Indians, including their passport details, addresses and phone numbers, is available for sale on the dark web. As per press reports, the data was in the custody of MobiKwik, which provides a mobile based payment system. While MobiKwik has denied the data breach, independent security researchers and Indian Express have verified that details of MobiKwik users are available on the dark web. We have written to the Computer Emergency Response Team (CERT-IN) asking them to initiate an inquiry over the data breach in terms of Section 70B(6) of the Information Technology Act, 2000. In this post, we point out the five steps MobiKwik must take to alleviate the situation.
This is a companion discussion topic for the original entry at https://internetfreedom.in/mobikwik-data-breach/