Highlights:

  • Paytm Mall database targeted by a hacker group called John Wick
  • The breach impacted all accounts and related information at Paytm Mall

Paytm, an e-commerce payment system and a fintech firm, is making headlines post a massive data breach incident. The company reportedly suffered a huge data breach after being targeted by a  hacker group. The hacker group is also demanding ransom in exchange for the looted data.

The attack in detail

The mastermind behind the massive Paytm Mall database breach is the hacker group, John Wick. The aggressive group is famous for hacking databases of companies under the excuse/trick of helping them fix bugs in the system.

Cyble, the global cyber intelligence agency, asserted that the John Wick hacker group made a backdoor entry into Paytm Mall’s entire production database by gaining unrestricted access. The attack has had an impact on all accounts and related information at Paytm Mall.

Cyble claims that hackers have demanded 10 ETH, equivalent to about USD 4,000. However, the volume of the data breach is not identified yet.

“According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid,” Cyble stated in an official update.

Post the news, a Paytm Mall spokesperson clarified and assured that all users of Paytm Mall and the company data were completely safe and secure. The company representative also expressed that they had considered and investigated assertions of a possible cyberattack and data breach but stated that they are absolutely false.

Further, he mentioned that the company heavily invested in data security and has a Bug Bounty program that is designed to reward responsible disclosure of any security risks. The company is extensively making efforts and working with the security research community to safely resolve anomalies.