Having initially dismissed reports of the leak of 100 million customer files on the dark web, Indian payments processor MobiKwick has brought in external investigators to conduct a forensic data security audit.
The alleged leak was first exposed early last month by Indian security researcher Rajshekhar Rajaharia
His posting received a ferocious response from MobiKwik, accusing him of concocting the data and threatening legal action, a reaction which led one commentator to accuse the firm of going 'all Iraqi general' on the reports A month on and MobiKwik admits that "some users have reported that their data is visible on the darkweb".
The firm says it undertoook an internal investigation when reports of the hack first surfaced but found no evidence of a breach of its systems.
In a statement on the latest developments Mobikwik says: "The company is closely working with requisite authorities, and is confident that security protocols to store sensitive data are robust and have not been breached. Considering the seriousness of the allegations, and by way of abundant caution, it will get a third party to conduct a forensic data security audit."
The firm believes that stolen data from users may have been accessed from other third party sites: "It is entirely possible that any user could have uploaded her/ his information on multiple platforms. Hence, it is incorrect to suggest that the data available on the darkweb has been accessed from MobiKwik or any identified source."