India’s recent privacy controversy is growing particularly severely day by day, even by the standards of past incidents in the country.
MobiKwik, a well-known fintech start-up, is now alerting security researchers and their customers over potentially large-scale data breache claims. According to a report last month, data from millions of customers was for sale on the dark web. The company denied this and said there was nothing wrong with the investigation. The denial has been independently countered by others who say there is evidence to provide credibility to the claim.
In India, lack of action from private sectors or regulators such as India’s Computer Emergency Response Team (CERT-In) has forced security researchers to publish, often targeting themselves in the process. There is. This is what is happening at Rajshekhar Rajaharia, a security researcher who first warned MobiKwik about potential data breaches.
Rajaharia first contacted MobiKwik in the last week of February and responsibly disclosed the issue by pointing out how a malicious attacker attempted to sell the data on the dark web.
MobiKwik not only issued a prompt refusal, but also implicitly threatened Rajaharia with legal action. As early as March 4, MobiKwiks’ official Twitter account issued a statement claiming that the legal team would track security researchers who are “media crazy” about brand abuse.
Due to the lack of special protection, cybersecurity researchers often face legal threats blaming unauthorized access and defamation.
Finally, our legal team will take strict action against this so-called researcher who is trying to undermine our brand’s reputation for morale. n / n
— MobiKwik (@MobiKwik) March 4, 2021
After a hacker who apparently violated MobiKwik presented more evidence by making the data searchable by anyone, Rajaharia shared details on tweets of interactions with the MobiKwik team and how to ignore alerts. Did.
Since then, researchers, experts, and customers have independently pointed out why there are real concerns. However, MobiKwik continues to claim that there was no breach, and instead seems to blame users for posting the data on the dark web.
Last week, Mobi Kwik apparently issued a legal notice to Twitter to withdraw Rajaharia’s tweet. Twitter temporarily lost access to Tweets and was locked out of your account. Restore later only after deleting the offending tweet.
The MobiKwiks legal team appears to have tracked Rajaharia on all other platforms and released details of the case. For example, his post on LinkedIn was also blocked after a notice was issued claiming infringement of intellectual property rights.
Linkedin also deleted my post on March 5th related to a massive data breach of financial data for a billion rupee users. I don’t think there is a platform where you can ask questions to companies and governments. @LinkedIn @LinkedInHelp #mobikwik #MobikwikDataLeak @jackerhack @internetfreedom pic.twitter.com/9PBwJ8k3kQ
–Rajshekhar Rajaharia (@rajaharia) April 1, 2021
This tendency, adopted by Indian companies to silence those who oppose the organization using ambiguous legal claims, is a matter of curbing freedom of speech and ending accountability. It’s clear that keeping Rajshekar out of his account and threatening to chase him legally has been penalized for issues that could affect the privacy of millions of people.
Why work so hard to silence coverage and debate about incidents that millions of users are interested in? Instead, why not explain it as clearly as possible? This tradition of ignoring security alerts and blaming whistleblowers for getting the public’s attention to the issue is common among Indian companies. The primary defender of this policy is the Government of India itself, which has a habit of ignoring all warnings directed at them and is chasing researchers to point out cybersecurity issues.
Over the past few days, both the Reserve Bank of India and CERT-In have awakened to the MobiKwik issue, the former ordering a court audit.
While waiting for the results of this audit, the bigger problem remains of talking openly about potential security issues. It’s easier to blame security researchers than companies actually invest in security. Companies ignore it because there is no economic cost associated with data breaches. Citizens’ concerns are ignored for the economic benefit of the private sector, whether they have a fundamental right to privacy or no regulatory interest in acting.
One of the reasons why many Indian security reports are published through the Twitter account of French researcher Robert Baptise (Elliot Alderson) is that Indian researchers are afraid of retaliation from the private sector and the government. With the involvement of large corporations and governments, it is nearly impossible to responsibly disclose cybersecurity incidents in India without the risk of legal action.
An important part of the data protection law debate in India is whether to give protection to researchers who point out real concerns related to cybersecurity. This issue has been repeatedly presented to the Srikrishna Commission and ignored.
The data protection bill proposed by the Commission proposes penalties whether the data is reported responsibly to the authorities or if an attempt is made to anonymize the data.
Security researchers around the world are working with authorities to improve the need for responsible security disclosure programs. Security by hiding has long been established to be useless to anyone and actually harm everyone, as it will be exploited in the future, ignoring the entire vulnerability. Large companies understand the importance of these exercises and are already working with researchers by facilitating these activities.
Countries that understood the importance of security disclosure sought to include security disclosure in the law by protecting researchers who make responsible disclosures on time. The 2018 UK Data Protection Bill proposes amendments to protect security researchers if they conduct research for the public good and report findings within 72 hours. It was. In India, there is no discussion in this direction. This criminalization of security researchers does not help anyone and actually makes us more vulnerable.
Srinivas Kodali is a researcher in the Indian Free Software Movement.
What Are The Main Benefits Of Comparing Car Insurance Quotes Online
LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos
to request, modification Contact us at Here or [email protected]