 "Paytm mall suffers massive data breach, ransom demanded: Report")
Paytm Mall, the e-commerce arm of unicorn Paytm, has suffered a "massive" data breach and a cybercrime group has demanded ransom as it has gained unrestricted access to the platform's entire database, according to a report by cyber security intelligence firm Cyble.
Hacker group John Wick is said to be responsible for the Paytm Mall database breach. "According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible," the report said. The ransom demanded was pegged at 10 ETH (ether coins), equivalent to $4,000. Cyble also said the perpetrator is in the process of receiving the ransom payment from the Paytm Mall, citing sources. "At this stage, we are unaware that the ransom was paid."
Paytm however said that it did not find any evidence of data breach, during investigation. "We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false," a spokesperson of Paytm Mall said in response to a query. "We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies," the spokesperson added.
John Wick is a notorious hacking group or actor who broke into multiple India companies, and collected ransoms from various organisations. The actor has other aliases such as “South Korea”, “HCKINDIA”. One of the tactics used by this group is “to act” as a grey-hat hacker and offer help to companies or victims to fix their bugs, the report added.
The report comes a month after Cyble reported ransomware attack on Indiabulls Group and the hackers threatened to leak critical data owned by its group firms such as account transaction details, vouchers, letters sent to bank managers and a similar data breach. A data leak of 1.29 million users of Gurugram-based online market place LimeRoad too was reported by Cyble in July. However, the company denied the allegations.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%