Paytm Mall was established in 2017 as a B2C online marketplace. It is backed by Alibaba Group and SAIF Partners.
Paytm Mall Hacked
Paytm Mall, the e-commerce marketplace wing of Paytm, has been allegedly hacked, according to risk intelligence platform Cyble. A known cybercrime group that calls themselves ‘John Wick’ was reportedly able to gain unrestricted access to Paytm Mall’s entire database using a backdoor/ Adminer. Cyble also claims that the hack was made possible by a Paytm Mall insider. Additionally, the cybercriminals have asked for ransom in the form of cryptocurrency, 10 ETH (roughly Rs. 3.12 lakh), as per the report. Paytm, however, said it has not found any security lapses.
Cyble report states that an alleged ex-cartel member who uses the alias KelvinSec and is part of a known hacking group “John Wick“, tipped the risk intelligence platform about the hack. The cybercrime group was allegedly able to upload a backdoor/ Adminer on Paytm Mall and gain unrestricted access to its entire database. It is being said that the hackers gained access to the production database that potentially contains information on all Paytm Mall accounts and other related information. Cyble also cites its source, claiming that the perpetrator said it was an inside job.
The hacker group demanded a ransom of 10 ETH and the report claims they are receiving the ransom payment from the Paytm Mall. Further, the perpetrator has posted about the Paytm Mall hack in a Russian hacking forum as well, the report adds.
Paytm, however, said that all user and company data was safe and secure.
“We invest heavily in our data security, as you would expect,” a Paytm spokesperson told Gadgets 360. “We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks.”
The spokesperson added: “We extensively work with the security research community and safely resolve security anomalies.”