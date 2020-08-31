Yesterday, a report published by US-based cyber-risk intelligence company Cyble claimed that Paytm Mall, the e-commerce arm of Indian payments unicorn Paytm, has suffered a massive data breach. It suggested that the hackers have stolen Paytm's data and are demanding ransom in return. However, shortly after that, the Vijay Shekhar Sharma-led company rebuffed all the claims as false. Here's what went down.

Claim Claims of data breach at Paytm Mall

In a blog post citing multiple sources, Cyble reported that Paytm Mall has been compromised due to an insider at the company. With the help of this person, they suggested, a hacker group named 'John Wick' was able to upload a backdoor on Paytm Mall and gain unrestricted access to their entire databases at Paytm, including those related to production, accounts.

Ransom $4,000 demanded in ransom

The report also said that the hackers have demanded a ransom of $4,000 (nearly Rs. 3 lakh) from the company, possibly in exchange for deleting their data. This technique is often used by ransomware operators to force their targets into paying money for protecting their data, but in this case, it was not clear if the money was paid, Cyble noted.

Response Paytm rebuffed the report completely

As Cyble's report gained traction, Paytm issued a statement denying any kind of hack or data breach at its end. "We would like to assure that all users, as well as company data, are completely safe and secure," a company spokesperson said, adding that "we have been investigating the claims of a possible hack and data breach, and haven't found any security lapses yet."

Emphasis We invest heavily in data security, company emphasized

The spokesperson of the company emphasized that they invest heavily in maintaining the security of users' and company data. "We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies," the representative added in the statement.

Previous attacks John Wick had also targeted other popular companies