Paytm Mall’s ‘entire database’ hacked due to company ‘insider’; hacker demands ransom

Updated: Aug 31, 2020 12:35 PM

  • 30 August 2020

Vijay Shekhar Sharma’s Paytm Mall has suffered a massive data breach. A cybercrime group operating under the alias John Wick was able to “gain unrestricted access to their (Paytm Mall) entire databases,” the US-based cyber risk intelligence platform Cyble said in a report on its blog on Sunday. According to the sources cited by the platform, the hacker group had asked for 10 Ethereum (cryptocurrency), which is equivalent to $4,000, in ransom. The group claimed that they are receiving the ransom payment from Paytm Mall. ‘John Wick’ also claimed, as per the messages forwarded by sources to Cyble, that the hack happened due to an insider at Paytm Mall.

Financial Express Online couldn’t independently verify the report.

A Paytm Mall spokesperson, in response to the alleged breach, assured that user as well as company data is safe, and said the company invests heavily in its data security. The spokesperson added that the company has been investigating the claims of a “possible hack and data breach” but it hasn’t come across “any security lapses yet.” Paytm Mall runs a Bug Bounty program wherein it rewards “responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies.”


However, this isn’t the first time that reports of data theft at Paytm have surfaced. There have been multiple other instances where Paytm customers have been duped. For instance, earlier this month, the Ahmedabad Cyber Crime Branch arrested two persons for allegedly duping residents of different states on the pretext of updating their Paytm KYC, police said, according to PTI. The police found Rs 58.20 lakh in different bank accounts of the accused. Similarly, a gang which duped Paytm users on the pretext of updating KYC details was busted in Mumbai.

According to Cyble, the hacker group operated under other aliases such as South Korea and HCKINDIA. “One of the tactics used by this group is “to act” as a grey-hat hacker and offer help to companies or victims to fix their bugs,” it said. Zee5, SquareYards, Stashfin, Sumo Payroll, Square Capital, i2ifunding, e27, etc. were other targets of the hacker group in the past. Mostly, tech companies in India have been the target of the group, likely because of the “high degree of his success rate in receiving ransom payments,” Cyble noted. The ransom is demanded through emails on companies’ support channels, etc.

  • First published on www.financialexpress.com on 30 August 2020.
