Twitter punishes MobiKwik data leak whistleblower by temporarily locking account
Twitter temporarily locked the account of the MobiKwik whistleblower, allegedly at the behest of the company which was implicated in the largest ever data leak. Independent security researcher Rajshekhar Rajaharia had pointed out how personal data belonging to more than 10 crore MobiKwik users was allegedly put up for sale on the darknet. Rajaharia was banned from tweeting, retweeting, and liking tweets on Wednesday.
- MobiKwik denies breach, but attempts to take down Rajaharia's tweets
- MobiKwik nails Rajaharia on a technicality; Twitter disallows sharing emails
- Twitter reinstates security researcher's account after offending tweet was removed
- Rajaharia contends being forced to delete tweets hurts his credibility
- Twitter reportedly emailed Rajaharia about receiving takedown requests from MobiKwik
- RBI takes notice, orders MobiKwik to conduct immediate forensic audit
MobiKwik denies breach, but attempts to take down Rajaharia's tweets
Rajaharia's claims of the massive data leak were confirmed by French cybersecurity expert Robert Baptiste, also known by pseudonym Elliot Alderson. MobiKwik categorically denied the breach ever happened and instead dismissed the data dump as one of many false claims it receives. The company nevertheless made an attempt to take down Rajaharia's whistleblowing tweets according to emails reviewed by Entrackr.
MobiKwik nails Rajaharia on a technicality; Twitter disallows sharing emails
Twitter confirmed with Rajaharia that his account was locked because he had shared a screenshot of his email conversation with MobiKwik. The screenshot was tweeted as a proof that MobiKwik had denied the breach in an official capacity. However, sharing emails and other personal information is explicitly prohibited in Twitter's terms of service. MobiKwik's legal team essentially got Rajaharia on a technicality.
Twitter reinstates security researcher's account after offending tweet was removed
Rajaharia could only browse Twitter and send direct messages to his followers owing to the punishment. His account was reinstated after he took down the tweet where MobiKwik officially denied the leak. He contends that deleting such tweets hurts his credibility as an independent security researcher, because to the general public it appears as though he accepted bribes from MobiKwik to take down criticism.
Rajaharia contends being forced to delete tweets hurts his credibility
"This can potentially ruin the image of security researchers like me as people might think we deleted certain tweets after taking some money from companies we tweeted against," Rajaharia laments to Entrackr about being forced by Twitter to delete the tweet.
Twitter reportedly emailed Rajaharia about receiving takedown requests from MobiKwik
It wasn't unequivocally clear if Twitter took action against Rajaharia at the behest of MobiKwik, but this is the second such incident where his account was locked for tweets related to the MobiKwik whistleblowing. Not surprisingly, Entrackr reports that Twitter had emailed Rajaharia about receiving a takedown request from "One MobiKwik Systems Private Limited". MobiKwik seems to have attempted to censor Rajaharia's tweets.
RBI takes notice, orders MobiKwik to conduct immediate forensic audit
Earlier in March, LinkedIn had taken down Rajaharia's "defamatory" post on the MobiKwik leak. While the company has denied the data leak, it still seems to be engaged in PR fire control measures. Unfortunately for MobiKwik, the Reserve Bank of India has taken notice and ordered it to carry out a forensic audit of its systems by a certified auditor per a PTI report.
