Paytm Mall faces data breach by ‘John Wick’ – denies reports

Featured image: A file-photo of Vijay Shekhar Sharma, founder of Paytm; Credits: GQIndia


The e-commerce arm of the fintech giant Paytm, Paytm Mall has recently denied reports claiming its data breach. Cyble, an Atlanta-based cybersecurity firm has claimed that a hacker named ‘John Wick’ gained unrestricted access to Paytm Mall’s database by uploading a backdoor on the Paytm Mall’s website. The report further highlights that the hacker demanded a ransom in exchange for information.

Cutting-edge solutions to help businesses streamline their operations and increase efficiency.
ⓘ Advertisement

According to Cyble, ‘John Wick’ through other aliases like ‘South Korea’ and ‘HCKINDIA’ has previously broken into multiple Indian companies and collected ransom from various Indian organizations including the OTT platform Zee5, Stashfin, Sumo Payroll, i2ifunding, SquareYards, e27 and more.

Cyble report has stated, the hacker group has demanded 10 Ethereum, a cryptocurrency that is equivalent to $4,000, from Paytm Mall as ransom.

One of the references backing the data breach shared by Cyble says, the actor gained access to Paytm Mall’s production database, which affects all accounts and related information at Paytm Mall.

One of the references backing the data breach shared by Cyble says, the actor gained access to Paytm Mall's production database, which affects all accounts and related information at Paytm Mall.

Cyble in its report on Sunday said,

“According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. In 2019, the company faced a fraud allegedly caused due to their junior employees.”

Creating ground of their report, Cyble further added,

“High profile breaches such as this one indicate that cybercriminals are increasingly targeting the blindspots of organizations’ digital footprint. As part of the Cyble’s continuous digital risk monitoring capabilities, we detect 10,000s of exposed systems on the Internet with terabytes of sensitive data of users and their customers.”

On the other hand, a Paytm Mall spokesperson has claimed that there was no data breach or hack,

“We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” the spokesperson said.

About Paytm

Paytm is India’s fintech decacorn startup valuing over $10 billion at present, and is one of the most successful and known technology companies globally. The company through its mobile app, which is available in 11 different languages, offers a spectrum of digital payment facilities to the users for making payments such as travel, event bookings, movies, shops, parking tolls and more. Paytm Mall is the e-commerce segment of Paytm, launched in 2017 offering items such as clothes, groceries, household supplies and more.

Editor’s Take

Considering the notability and portfolio of Cyble in terms of reporting cyber threats globally, the odds are not even for Paytm. It is highly unlikely that a company could accept any security threat to its systems or database to keep its reputation in the market.

Note: LAFFAZ Media has contacted Paytm to comment on the references depicting the Paytm Mall data breach shared by Cyble. This news article will be updated in case Paytm comes with a statement.

M Haseeb
M Haseeb

Co-founder & CEO of LAFFAZ Media. A tech enthusiast, digital marketer and critical thinker. Has helped over 50 Indian startups by building digital marketing strategies.

Connect: LinkedIn | Twitter | Email

Leave a Reply

Your email address will not be published. Required fields are marked *