Chinese-Owned FinTech App Allegedly Downloaded Users’ Contact Lists to Servers Based in China

On August 13, Dutch technology news website, TNW, reported that a Chinese-owned money lending application operating in India known as Moneed, had stored user data in an unprotected China-based database, resulting in the exposure of personal data on more than 300 million people.  This accounts for the data of the users that reportedly downloaded one of Moneed’s money-lending apps (more than one million times) as well as their contact lists, which the application had been downloading to the company’s Hangzhou-based, Alibaba-operated servers, despite past assertions by the company that local user data was being stored on servers based in India.

The leak reveals data collected from users’ between August 2019 and July 2020.  In the period since the report broke, it appears that the Alibaba Security Response Center has taken the database offline, and Moneed claims the problem has been fixed.  The data breach revelations emerge against the backdrop of increasing bilateral tensions between India and China that led India recently to ban 50 Chinese-owned mobile applications, including TikTok.

Approximately 60–70% of India’s micro-lending applications are Chinese-owned.  Downloads of such micro-lending applications have reportedly been on the rise amid India’s coronavirus lockdown.