US-based cyber-risk intelligence platform Cyble Inc has claimed that ecommerce platform Paytm Mall suffered a massive data breach on Sunday (August 30). Cyble claimed in its blogpost that a cybercrime group under the alias ‘John Wick’ has been able to get unrestricted access to the entire database of the company.
According to Cyble, ‘John Wick’ has broken into multiple Indian companies and collected ransom from various Indian organizations including OTT platform Zee5, fintech startups, Stashfin, Sumo Payroll, Stashfin, i2ifunding, through other aliases such as ‘South Korea’ and ‘HCKINDIA’.
‘John Wick’ was able to upload a backdoor or Adminer on Paytm Mall application website and was able to gain unrestricted access to their entire databases […] According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible,” claimed a Cyble blogpost.
According to Cyble, its sources also forwarded them messages where the perpetrator claims to have demanded 10 Ethereum (ETH), equivalent to $4,000 and is receiving the ransom payment from the Paytm Mall.
One of the tactics used by this group is to act as a ‘grey-hat’ hacker and offer help to companies or victims to fix their bugs, said Cyble in its report. A ‘grey hat’ is a computer hacker who looks for vulnerabilities in platforms and systems, without the owner’s knowledge and asks for a fee to fix the issue.
However, Paytm Mall has denied this claim and said that it has undertaken measures to verify the matter, with no data breaches detected by its internal cyber security teams as of Sunday evening.
“We would like to assure that all user as well as company data is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” said a Paytm Mall spokesperson to Times of India.
Dark web sweepers Cyble claimed in July that internal data of Gurugram-based Religare Health Insurance has lost 5 Mn records, which is now up for sale. The US-based cybersecurity firm has claimed that the hacked data includes details of Religare, its agents and several sensitive information of the company’s clients, including their names, phone numbers, email id, date of birth.
According to a blog post, published by Cyble, the leaked database also contains details about insurance policies like customer ID, policy number, start date, end date, along with the name, sum and renewal amount of the policy taken by the customers.
In July, hyperlocal task management startup Dunzo also suffered a data breach that leaked phone numbers and email addresses of its users. The data breach took place through servers “of a third party” Dunzo works with were compromised, the firm’s chief technology officer (CTO) Mukund Jha had said in a blogpost.
Prior to this, Cyble has highlighted data breaches of companies like Truecaller, Unacademy, Naukri.com, Bharat Earth Movers Limited (BEML) and IndiaBulls. While Unacademy and BEML have accepted the data breach. Naukri.com has alleged that the data found dates back to the year 2006 – 2012, and there is no proof that the data has been collected from Naukri.com even though the file does.
There have been several Indian platforms in the past which have faced data breaches. Earlier in May, it was reported that data of 4.75 crore Truecaller Indian users was found to be up for sale on the dark web. The development which was denied by the Swedish mobile application platform Truecaller India, was a result from its data leak.