A popular e-commerce platform Paytm Mall has suffered a huge data breach. A group of hacker has targeted the companies database. After targeting Paytm Mall, the hackers are demanding for ransom in cryptocurrency to get the data in return.
Hackers Demanding 4000$ of Ransom from Paytm
A cyber research firm, Cyble, has announced about the data breach of Paytm. However, in a statement Paytm denied about the breach news.
According to the firm Cyble, a hacker group named “John Wick” is behind this Paytm data breach. This group has collected ransom from different Indian Organizations, including apps like Zee5, Sumo Payroll, Stashfin and others.
The hacker group ‘John Wick’ got access to unrestricted all the databases and was also able to upload Adminer on Paytm Mall app website.
In a blogpost on Sunday, Cyble said,
‘John Wick’ was able to upload a backdoor or Adminer on Paytm Mall application website and was able to gain unrestricted access to their entire databases […] According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible.”
The sources have forwarded the messages where the hackers claimed and have demanded $4000, (10 ETH) to receive the ransom payment from Paytm Mall.
‘John Wick’ hacker group has acted as a ‘grey-hat’ hacker as they offered help to the companies to fix the bugs. If you don’t know, a ‘grey hat’ is a computer hacker who finds and fixes the vulnerabilities in systems and platforms. And the owner does not know about this, and it asks for fees to fix the issue in their systems.
However, Paytm Mall has denied about this issue and said it would verify the matter. On Sunday evening, Paytm Mall’s internal cybersecurity teams did not find any data breach.
Paytm Mall spokesperson said,
“We would like to assure that all user as well as company data is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies.”