Alibaba Group-funded Paytm Mall has allegedly suffered a “massive data breach”, global cybersecurity firm Cyble reported, with a known cybercrime group ‘John Wick’ gaining unrestricted access to the e-commerce firm’s entire databases. The report also alleges that the hack “happened due to an insider at Paytm Mall”. The company, however, denied any such hack or data breach.
“We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” a Paytm Mall spokesperson told The Indian Express.
Even as the volume of compromised data is unknown, Cyble claimed that attackers have demanded 10 ETH, or cryptocurrency ethereum, equivalent to $4,000.
“Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm Mall as well. Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid,” Cyble said in its report.
“The actor (John Wick) seems to have a keen interest in the Indian companies, and this is likely due to the high degree of his success rate in receiving ransom payments. Based on their attack patterns, one thing which stands out is that the group targets tech-based companies the most — and demand ransom by sending them emails on their support channels etc,” Cyble added.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines