SUMMARY
An investment banker’s total Paytm wallet balance of INR 5,520.93 got transferred to Shree Balaji Juice Centre
He tweeted saying how Paytm is vulnerable to cyber fraud
Paytm agreed to the breach and refunded the amount
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
The year has been filled with ups and downs for Noida-based digital payments company Paytm. This time it has come under the social media scanner for cyber fraud after a famous investment banker tweeted how INR 5K from his Paytm wallet automatically got transferred to a juice vendor.
The banker’s total balance of INR 5,520.93 got transferred to Shree Balaji Juice centre at about 12.15 am on Tuesday morning. “Just flagging off a fraud which happened to me. My entire Paytm balance of over 5k got transferred to an entity called Balaji juice centre at 12.15 am today while I was asleep at home. Reported it to @Paytmcare but am surprised how vulnerable Paytm is to cyber fraud,” the banker Vikaas Sachdeva tweeted.
The digital payments company responded saying the refund of the total amount has been added to his wallet. “Hi Vikaas, this is not the experience we strive to deliver to our customers. We have added the refund of ₹5220.93 to your account under wallet transaction ID 27XXXXXX73 against the transaction at Shree Balaji juice centre,” it replied.
Increasing Cases Of Cyber Breach
On Tuesday, a cybersecurity lapse was also found in bike-sharing startup Bounce. A security researcher found a digital flaw in the Bengaluru-based startup app. According to media reports, one of its internal application programming interface (API) can log the hacker into any Bounce account, bypassing the users’ phone number into the request, and in response, it returns with the access token and rider ID, which can be used to access any Bounce account.
In August this year, web privacy research group vpnMentor found data breaches in two Indian fintech startups Credit Fair and Chqbook in July. It discovered that databases of both startups were unprotected and unencrypted. While Credit Fair uses a Mongo Database, Chqbook uses Elastic Search and both were not protected with any password or firewall.
It was also alleged that in February this year 18 Mn records from Gurugram-based online travel agency Ixigo were stolen by a hacker as part of 127 Mn records he stole from eight websites. Other than this, many Indian startups, including cashback platform CashKaro, Justdial and Zomato were said to have found with security loopholes.
Correction Note: November 13, 2019 | 20:15
Changed headline to mention amount
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.