HACKERS CLAIM DATA BREACH AT PAYTM MALL
BENGALURU: E-commerce platform Paytm Mall has suffered a massive data breach after a group of hackers targeted and acquired unrestricted access to the company’s complete database.
According to US-based cyberrisk intelligence platform Cyble Inc., a cybercrime group under the alias ‘John Wick’ has demanded a ransom in exchange for data.
Cyble said ‘John Wick’ has broken into multiple Indian companies, collecting ransom from companies such as OTT platform Zee5, fintech startups, Stashfin, Sumo Payroll, Stashfin, i2ifunding, through other aliases such as ‘South Korea’ and ‘HCKINDIA’.
“‘John Wick’ was able to upload a backdoor or Adminer on the Paytm Mall application website and was able to gain unrestricted access to their entire databases […] According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible,” said a Cyble blogpost.
Its sources also forwarded messages where the perpetrator claimed to have demanded 10 Ethereum, or equivalent to $4,000, and will be receiving the ransom from Paytm Mall.
Paytm Mall has denied the claim made by Cyble. “We would like to assure that all user, as well as company data, is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet,” said a Paytm Mall spokesperson.