Rediff.com« Back to articlePrint this article

Paytm Mall suffers huge data breach, gets ransom call

August 31, 2020 11:02 IST

Hacker group John Wick is said to be responsible for the Paytm Mall database breach.

IMAGE: The headquarters of Paytm, India's leading digital payments firm, in Noida, Uttar Pradesh. Photograph: Sankalp Phartiyal / Reuters.com.

Paytm Mall, the e-commerce arm of unicorn Paytm, has suffered a "massive" data breach and a cybercrime group has demanded ransom as it has gained unrestricted access to the platform's entire database, according to a report by cyber security intelligence firm Cyble.

Hacker group John Wick is said to be responsible for the Paytm Mall database breach.

"According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible," the report said.

 

The ransom demanded was pegged at 10 ETH (ether coins), equivalent to $4,000.

Cyble also said the perpetrator is in the process of receiving the ransom payment from the Paytm Mall, citing sources. "At this stage, we are unaware that the ransom was paid."

Paytm, however, said that it did not find any evidence of data breach, during investigation.

"We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false," a spokesperson of Paytm Mall said in response to a query.

"We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies," the spokesperson added.

John Wick is a notorious hacking group or actor who broke into multiple India companies, and collected ransoms from various organisations. The actor has other aliases such as “South Korea”, “HCKINDIA”. One of the tactics used by this group is “to act” as a grey-hat hacker and offer help to companies or victims to fix their bugs, the report added.

The report comes a month after Cyble reported ransomware attack on Indiabulls Group and the hackers threatened to leak critical data owned by its group firms such as account transaction details, vouchers, letters sent to bank managers and a similar data breach.

A data leak of 1.29 million users of Gurugram-based online market place LimeRoad too was reported by Cyble in July. However, the company denied the allegations.

Sai Ishwar in Mumbai
Source: source image