JOIN USPaytm Mall database hacked; company denies security lapse
Its barely a month since Garmin, a fitness tracker and GPS service provider fell victim to ransomware. Customers around the world faced service outage for several days and finally it was restored.
Now, Paytm's e-commerce arm Paytm Mall has suffered a cyberattack. A US-based internet security firm, Cyble citing KelvinSec, an ex-member of the notorious hacker group 'John Wick', has claimed that the latter has compromised the Indian company's database.
John Wick aka 'South Korea' or 'HCKINDIA' are known to approach companies as ethical white hat hackers to help them find bugs and security loopholes and after gaining their trust, steal or some times lock the data access until a ransom is paid.
The infamous group is known to have hoodwinked Zee5, SquareYards, Stashfin, Sumo Payroll, Square Capital, i2ifunding, e27, and several others in the past.
Now, Paytm Mall is also being asked to pay the ransom to back the access to the company's database.
"Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid," Cyble said.
It is reported that John Wick is demanding 10 ETH (Ethereum), which roughly translates to Rs 2,93,540 (approx. $4,000)
However, Paytm Mall spokesperson has categorically denied that their database is compromised. It is completely safe and secure and added that the company conducted its own security screen to look for any data breach and there is no security lapse.
"We would like to assure that all user, as well as company data, is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven't found any security lapses yet," Paytm Mall spokesperson said.
"We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies." Spokesperson added.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.