Paytm Mall suffers data breach, ransom demanded by hackers

E-commerce platform Paytm Mall has suffered a massive data breach, where a cybercrime group under the alias ‘John Wick’ has been able to get unrestricted access to the entire database of the company, according to US-based cyber-risk intelligence platform Cyble Inc.

According to Cyble, ‘John Wick’ has broken into multiple Indian companies and collected ransom from various Indian organizations including OTT platform Zee5, fintech startups, Stashfin, Sumo Payroll, Stashfin, i2ifunding, through other aliases such as ‘South Korea’ and ‘HCKINDIA’.

‘John Wick’ was able to upload a backdoor or Adminer on Paytm Mall application website and was able to gain unrestricted access to their entire databases […] According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible,” said a Cyble blogpost on Sunday.

According to Cyble, its sources also forwarded them messages where the perpetrator claims to have demanded 10 Ethereum (ETH), equivalent to $4,000 and is receiving the ransom payment from the Paytm Mall.

One of the tactics used by this group is to act as a ‘grey-hat’ hacker and offer help to companies or victims to fix their bugs, said Cyble in its report. A ‘grey hat’ is a computer hacker who looks for vulnerabilities in platforms and systems, without the owner’s knowledge and asks for a fee to fix the issue.

Paytm Mall has denied this claim and said that it has undertaken measures to verify the matter, with no data breaches detected by its internal cyber security teams as of Sunday evening.

“We would like to assure that all user as well as company data is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” said a Paytm Mall spokesperson.

In July, hyperlocal task management startup Dunzo also suffered a data breach that leaked phone numbers and email addresses of its users. The data breach took place through servers “of a third party” Dunzo works with were compromised, the firm’s chief technology officer (CTO) Mukund Jha had said in a blogpost.

There have been several Indian platforms in the past which have faced data breaches. Earlier in May, it was reported that data of 4.75 crore Truecaller Indian users was found to be up for sale on the dark web. The development which was denied by the Swedish mobile application platform Truecaller India, was a result from its data leak.

In January, 2019, e-commerce major Amazon India had admitted to a technical glitch which exposed tax reports of 400,000 sellers on its platform. It was reported that affected sellers received tax reports of other sellers, while attempting to download their own Merchant Tax Reports for December, 2018.

Recently, Mint also reported that North Korea- backed Lazarus group was planning a cyberattack to target 2 million individual email IDs belonging to users in India, according to cyber intelligence firm Cyfirma.

A recent survey by network security provider, Barracuda Networks said that around 66% of Indian organisations have suffered at least one data breach after shifting to the remote working model, which included 1,000 decision makers in India, Australia, New Zealand, Singapore, and Hong Kong. Live Mint