A security researcher who was the first to claim on Twitter a security breach suffered by MobiKwik, found that his account was restricted by the microblogging platform on Wednesday.
Rajshekhar Rajaharia was the first to bring to light a purported data breach at MobiKwik in which hackers had revealed the information of at least 10 crore users of the payment app.
Twitter told Rajaharia that his account was locked for a tweet in which he had shared a screenshot of his email conversation with MobiKwik, where the company had denied facing a security breach.
Rajaharia said that he was told by Twitter that the tweet violated its rules against posting private information.
This meant that Rajaharia’s Twitter account was good only for browsing the site and sending direct messages to his followers. Rajaharia said that the platform banned him from tweeting, retweeting and liking until he took down the tweet in question.
Rajaharia told Entrackr that his account was restored only after he deleted the tweet.
Twitter and MobiKwik have not responded to our queries.
“This can potentially ruin the image of security researchers like me as people might think we deleted certain tweets after taking some money from companies we tweeted against,” Rajaharia told Entrackr.
“And if I can’t ask a company a question, why does Twitter even allow them to have support handles in the first place?”
It is not clear whether the social media platform locked Rajaharia’s account over the tweet following a complaint by MobiKwik. However, this was the second time in the month of March that Rajaharia’s Twitter account was locked for tweets related to the MobiKwik incident.
Before this, his account was locked on March 9 over a tweet where he had criticised MobiKwik for not taking the incident “seriously”. In this case too, Twitter said he violated its rules against posting private information and only unlocked his account after he deleted the tweet, Rajaharia said.
What is clear though is that MobiKwik had made an attempt to take down Rajaharia’s tweets where he had claimed a massive security breach earlier in March, emails reviewed by Entrackr showed.
In an email to Rajaharia dated March 12, Twitter revealed that it had received a request from ‘One Mobikwik Systems Private Limited’ where the company had flagged four of his tweets claiming that content of the tweets ‘violates the law(s) of India’.
Earlier in March, LinkedIn had taken down Rajaharia’s post on the same issue, claiming the post was defamatory, emails reviewed by Entrackr showed.
In response to queries sent by Entrackr, a LinkedIn spokesperson said that “while we can’t comment on the specifics of a member’s account due to our privacy policy, we can confirm that we only remove content if it’s in violation of our policies”.
The Microsoft-owned company did not respond to a question where we had asked them about the parameters they take into consideration before adjuding that a post is indeed defamatory.
Following the furore over the severity of the claimed data breach suffered by MobiKwik, which the company has denied, the Reserve Bank of India has ordered the company to immediately carry out a forensic audit of its systems by a certified auditor, news agency PTI reported.
The PTI report also said that the company has told the Indian Computer Emergency Response Team that on March 1 that there was an unauthorised attempt to access MobiKwik’s user-facing application programming interface associated with a payment link generated through its platform.
