We have covered a plethora of stories on cyber breach and data security hacks.
A burgeoning value of such data breaches and cyber crime issues are not just the deal of the day for a common man but also huge organizations all over the globe.
Today’s segment is about an ‘alleged’ data breach in the e-commerce payment system and financial technology company Paytm’s online shopping platform Paytm Mall.
Originally reported by the global cyber intelligence agency Cyble, the B2C model arm of Paytm, Paytm Mall was hacked by a well-known cybercrime group with the alias ‘John Wick’.
Contents
Paytm Mall Hacked on Lieu of Fixing Bugs
The credible hacking group ‘John Wick’ has a strategy of performing their roles.
They have broken into and are responsible behind data breaches of a number of Indian companies, with not just ‘John Wick’ as an alias but also as ‘South Korea’, ‘HCKINDIA’ and other such aliases.
The malicious hacker group is known to use the strategy of offering the targeting companies/victims to help fix their bugs, under the guise of hacking into their systems.
This is what happened with Paytm Mall.
Zee5, Stashfin, SquareYardsSumo Payroll, i2ifunding, e27 and many other Indian companies have been hacked by John Wick.
Paytm Eradicates any Such Allegation
As of 2018, Paytm Mall has over 5.5 mil active users (on a daily basis), with 80k sellers, housing over 110 mill products.
Now, as reported by Cyble, the cybercrime group (John Wick) was able to gain unrestricted access to Paytm Mall’s entire database, by uploading a backdoor on either the company’s website, or application.
As stated by Cyble:
“According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall.
The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well.”
As reported, Paytm Mall/Paytm deny any such data breach occurrence, claiming that they run a bug-bounty program, which invites researchers from all around to submit any query related to security issues.
However, this wouldn’t be the 1st time Paytm is hit by any ‘supposed’ data breach, conducted by an insider. In 2019, Paytm registered a fraud caused by their junior employees.
Hackers Ask for Ransom
Speaking of the alias ‘John Wick’, they have demanded ransom in return for data breach.
Cyble’s sources confirm that despite an unclear picture of the volume of data breached, the perpetrator has demanded 10 ETH, equivalent to USD 4,000.
“At this stage, we are unaware that the ransom was paid”, claims the Cyble source.
Comments are closed, but trackbacks and pingbacks are open.