Paytm Mall’s ‘entire database’ hacked due to company ‘insider’; hacker demands ransom
According to sources cited by the platform, the hacker group had asked for 10 Ethereum (cryptocurrency), which is equivalent to $4,000, in ransom. The group claimed that they are receiving the ransom payment from Paytm Mall.
Vijay Shekhar Sharma’s Paytm Mall has suffered a massive data breach. A cybercrime group operating under the alias John Wick was able to “gain unrestricted access to their (Paytm Mall) entire databases,” the US-based cyber risk intelligence platform Cyble said in a report on its blog on Sunday. According to sources cited by the platform, the hacker group had asked for 10 Ethereum (cryptocurrency), which is equivalent to $4,000, in ransom. The group claimed that they are receiving the ransom payment from Paytm Mall. ‘John Wick’ also claimed, as per the messages forwarded by sources to Cyble, that the hack happened due to an insider at Paytm Mall.
A Paytm Mall spokesperson, in response to the alleged breach, assured that user data, as well as company data, is safe even as it invests heavily in its data security. The spokesperson added that the company has been investigating the claims of a “possible hack and data breach” but hasn’t come across “any security lapses yet.” Paytm Mall runs a Bug Bounty program wherein it rewards “responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies.”
However, this isn’t the first time that reports of data theft at Paytm have surfaced. There are multiple other instances where Paytm customers have been duped. For instance, earlier this month, Ahmedabad Cyber Crime Branch arrested two persons for allegedly duping residents of different states on the pretext of updating KYC of Paytm, police said, according to PTI. The police found Rs 58.20 lakh in different bank accounts of the accused. Similarly, a gang which duped users of Paytm on the pretext of updating KYC details was busted in Mumbai.
According to Cyble, the hacker group operated under other aliases such as South Korea and HCKINDIA. “One of the tactics used by this group is ‘to act’ as a grey-hat hacker and offer help to companies or victims to fix their bugs,” it said. Zee5, SquareYards, Stashfin, Sumo Payroll, Square Capital, i2ifunding, e27 etc. were other targets of the hacker group in the past. Tech companies in India have mostly been the targets of the group, likely because of the “high degree of his success rate in receiving ransom payments,” Cyble noted. The ransom is demanded through emails on companies’ support channels etc.