No security lapses found after investigating alleged breach: Paytm Mall

The e-commerce unit of payment solutions provider Paytm, Paytm Mall, on Sunday said it has not found any security lapses yet after investigating claims of a possible hack and data breach.

The clarification came after US-based cyber research firm Cyble had said a hacker group with the alias 'John Wick' was able to gain unrestricted access to Paytm Mall's databases.

"We would like to assure that all user, as well as company data, is completely safe and secure... We have been investigating the claims of a possible hack and data breach, and haven't found any security lapses yet," a Paytm Mall spokesperson said in a statement.

The spokesperson added that the company invests heavily in data security, and also has a Bug Bounty programme under which it rewards responsible disclosure of any security risks.
 

"We extensively work with the security research community and safely resolve security anomalies," the spokesperson said.

Cyble, in a blog, had said: "...it appears the actor gained access to their production database and potentially affects all accounts and related information at Paytm Mall".

Cyble said based on information available to it, the hack happened "due to an insider at Paytm Mall" and noted that the claims, however, are unverified.

"Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm Mall as well. Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid," Cyble said.

The perpetrator had reportedly demanded 10 ETH (Ethereum) equivalent to USD 4,000.

Cyble said it has reached out to Paytm Mall for any comments and is awaiting to hear back.