A US-based cybersecurity firm on Sunday said that the Paytm group has suffered a “massive data breach” after Paytm Mall was hacked and a ransom demanded, a claim Paytm has denied.
According to Cyble, a cyber risk intelligence platform, a known cybercrime group with the alias ‘John Wick’ claims to have infiltrated Paytm Mall’s entire production databases. The hack potentially affects all accounts and related information at Paytm Mall.
The hacker group has reportedly asked the Bengaluru-based company for a ransom in exchange for the data, after it gained the access needed to upload a backdoor/Adminer on the Paytm Mall application. The hacker group is also known as “South Korea” and “HCKINDIA”.
While the magnitude of the claimed breach cannot be independently verified, the report claims that the perpetrator has demanded 10 ETH (Ethereum), equivalent to $4,000. What’s more, the report also alleged that the hack happened due to an insider at Paytm Mall.
Responding to Entrackr’s queries, a Paytm Mall spokesperson said, “We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false.”
It is worth noting that John Wick is the same group that has broken into multiple Indian companies in the past and collected ransom too. The group’s previous targets include Zee5, SquareYards, Stashfin, Sumo Payroll, and Square Capital, among many others.
Of late, data or security breaches have been occurring frequently in the Indian startup ecosystem. Earlier this year, edtech startup Unacademy’s database also suffered a breach, with contacts of 22 million users being put up for sale on May 3 for $2,000. Truecaller, Zomato, and Uber have also fallen prey to massive data breaches of their user accounts.
While Paytm Mall has denied any breach, it’s bizarre that Cyble’s report points to the possible role of a company insider in what it says is a hack.