Paytm Mall an E-commerce platform suffered a huge data breach. A cybercrime group by the name ‘John Wick’ got unrestricted access to the company’s entire database as per Cyble Inc.
As per Cyble Inc, ‘John Wick’ broke into many Indian companies earlier.
According to Cyble, its sources also forwarded them messages where the perpetrator claims to have demanded 10 Ethereum (ETH), equivalent to $4,000 and is receiving the ransom payment from the Paytm Mall.
The group uses ‘grey-hat’ hacker tactics and provides help to companies or victims to fix their bugs, as per a report by Cyble.
A ‘grey hat’ is a computer hacker who looks for vulnerabilities in platforms and systems, without the owner’s knowledge and asks for a fee to fix the issue.
However, Paytm Mall denied the claim and said that there were no data breaches as detected by their internal cybersecurity teams.
“We would like to assure that all user as well as company data is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” said a Paytm Mall spokesperson.
India faced several data breaches earlier. In May, Truecaller records of Indian users were also put up on sale on the dark web. In January 2019, Amazon India accepted that they had a technical glitch which resulted in the exposure of tax reports of other sellers, in an attempt to download their Merchant Tax Reports for December 2018.
Recently, Mint also reported that North Korea- backed Lazarus group was planning a cyberattack to target 2 million individual email IDs belonging to users in India, according to cyber intelligence firm Cyfirma.