The entire database of the e-commerce arm of Fintech giant Paytm may have been hacked. According to reports from US based cyber risk intelligence platform Cyble, a hacker group with the alias ‘John Wick’ was able to upload a backdoor on the Mall application or website and gained unrestricted access to the entire database of Paytm Mall.
According to Cyble, the hacker group lures in companies on the pretext of offering help to fix bugs and malwares. The attackers then demand a ransom in the form of cryptocurrency in exchange for the data. The group’s previous targets include Zee5, SquareYards, Stashfin, Sumo Payroll, and Square Capital, among many others.
Cyble revealed that the perpetrator claimed that this breach happened because of a Paytm Mall insider. Sources also revealed that the hackers have demanded 10 Ethereum (ETH) as ransom. Ethereum is a cryptocurrency platform and 1 ETH is currently valued at US$424 approximately.
While the magnitude of the claimed breach cannot be independently verified, Paytm denied this cyber attack and claimed the user data is safe and secure. In 2019, the Paytm group faced a fraud allegedly caused due to their junior employees.
A Paytm Mall spokesperson said, “We would like to assure that all users, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies.
Of late, the Indian startup ecosystem has suffered a massive cyber security breach. Many prominent companies like Zomato, Truecaller and Unacademy have fallen prey to these frequent ransomware attacks.