#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

KYC data | Breaking Cybersecurity News | The Hacker News

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed

Mar 30, 2021
Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as: customer names, hashed passwords, email addresses, residential addresses, GPS locations, list of installed apps, partially-masked credit card numbers, connected bank accounts and associated account numbers, and know your customer (KYC) documents of 3.5 million users. Even worse, the leak also shows that MobiKwik does not  delete the card information  from its servers even after a user has removed them, in what's likely a breach of government regulations. New guidelines issued by India's apex banking institution, the Reserve Bank of India,  prohibit  online merchants, e-commerce websites, and payment aggregators from storing card details of a customer online.
Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

Aug 26, 2019
As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, hit by a " Potential KYC leak " earlier this month, with an unknown hacker distributing the Know Your Customer (KYC) images of hundreds of its users online and to media outlets. Before leaking the KYC images online, the alleged hacker threatened the exchange to release KYC data of its 10,000 customers if the company did not pay 300 Bitcoins—equivalent to over $3 million at today's exchange value. While Binance CEO Changpeng Zhao called the incident a fud (fear, uncertainty, doubt), the exchange recently confirmed that some of the leaked images match actual accounts though others show evidence of manipulation. According to an official blog post , t
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Cybersecurity Resources