Is Paytm Mall hacked? Company explicitly says 'No'
Yesterday, a report published by US-based cyber-risk intelligence company Cyble claimed that Paytm Mall, the e-commerce arm of Indian payments unicorn Paytm, has suffered a massive data breach. It suggested that the hackers have stolen Paytm's data and are demanding ransom in return. However, shortly after that, the Vijay Shekhar Sharma-led company rebuffed all the claims as false. Here's what went down.
In a blog post citing multiple sources, Cyble reported that Paytm Mall has been compromised due to an insider at the company. With the help of this person, they suggested, a hacker group named 'John Wick' was able to upload a backdoor on Paytm Mall and gain unrestricted access to their entire databases at Paytm, including those related to production, accounts.
The report also said that the hackers have demanded a ransom of $4,000 (nearly Rs. 3 lakh) from the company, possibly in exchange for deleting their data. This technique is often used by ransomware operators to force their targets into paying money for protecting their data, but in this case, it was not clear if the money was paid, Cyble noted.
As Cyble's report gained traction, Paytm issued a statement denying any kind of hack or data breach at its end. "We would like to assure that all users, as well as company data, are completely safe and secure," a company spokesperson said, adding that "we have been investigating the claims of a possible hack and data breach, and haven't found any security lapses yet."
The spokesperson of the company emphasized that they invest heavily in maintaining the security of users' and company data. "We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies," the representative added in the statement.
Given that Cyble hasn't shared any evidence to verify the claims and its report is solely based on sources, Paytm is likely to get the benefit of the doubt here. However, this is not the first time we are hearing about the John Wick group. They have also been involved in hacks against ZEE5, Square Yards, Stashfin, SumoPayroll, Square Capital, and other organizations.