E-commerce giant Paytm Mall heavily denies alleged data breach that accessed the company’s entire databases.
Last month, news circulated about an alleged cybercrime group John Wick, who has gained unrestricted access to the entire Paytm databases. A US-based cyber risk security company Cyble said the hacker group is asking for $4,000 worth of cryptocurrency in ransom.
“It appears the actor [alias John Wich group] gained access to their production database and potentially affects all accounts and related information at Paytm Mall,” reported Cyble in a blog post.
John Wick group claimed they’ve received a payment from Paytm Mall and forwarded messages to Cyble as references. According to the security platform, the hacking was made after an insider help at Paytm Mall.
Cyble stated that failing to meet the demands of hackers results in data leaking, which is already common for some companies. At the time when they’ve published the blog, the security firm is unaware that the ransom was already paid.
Hackers uploaded a backdoor to the application and website of the e-commerce giant. While Cyble’s claims were unverified, Paytm Mall denied the ‘accusations.’
A company spokesperson said, “We would like to assure that all user, as well as company data, is completely safe and secure. We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet.”
The clarification came following the news from Cyble, citing security lapses from e-commerce systems. The spokesperson added that Paytm Mall heavily invests in data security and has a Bug Bounty program that rewards disclosure of any security risks.
“We extensively work with the security research community and safely resolve security anomalies,” added the company spokesperson.
Luring Customers of Data Breach
The issue with Paytm Mall isn’t the first time that reports of data theft and breach circulate online. There were former incidents when customers were duped of paying money due to a security alert.
Ahmedabad Cyber Crime Branch arrested two criminals for duping customers in different states on the update of KYC of Paytm Mall. The authorities found Rs 58.20 lakh in separate bank accounts of the accused.
Similar strategies happened in Mumbai when a group of criminals duped Paytm customers on a text updating the KYC details.
Cyble claims that hacker groups act as a ‘grey-hat’ hacker to offer help to companies suffering a breach. This leads to further tampering the databases and getting ransom from companies.