Paytm group suffers a massive data breach – paytm mall hacked and ransom demanded, the cybercrime group demanded ransom after gaining unrestricted access to the entire databases of Paytm Mall, although the e-commerce platform denied the claims.
The cybercrime group with the alias “John Wick” was able to upload a backdoor/Adminer on Paytm Mall application/website, said Cyble. A Paytm Mall spokesperson, however, said that the claims are “absolutely false” and that user data, as well as company data, is secure.
As per the sources, John Wick” is the same notorious group or actor who broke into multiple India companies, and collected ransoms from various organizations. The actor has other aliases such as “South Korea”, “HCKINDIA”. One of the tactics used by this group is “to act” as a grey-hat hacker and offer help to companies or victims to fix their bugs.
“We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” a Paytm Mall spokesperson said.
Cyble said that the breach appears to have affected all accounts and related information at Paytm mall, it added.
According to Wikipedia: “In February 2017, Paytm launched its Paytm Mall app, which allows consumers to shop from 140,000 registered sellers. Paytm Mall is a B2C model inspired by China’s largest B2C retail platform TMall. Sellers have to pass through Paytm-certified warehouses and channels to ensure consumer trust. Paytm Mall has set up 17 fulfilment centres across India and partnered with more than 40 couriers. Paytm Mall raised $200 million from Alibaba Group and SAIF Partners in March 2018.
Now a question mark is on if there any hacking to the data of registered sellers, it would attract penalty up to Rs.5 Crore. However, the terms and conditions are apply. According to an online report from 2018, it has over 5.5 Million daily active users, 80,000 sellers and a product portfolio of 110 million items.
A question is on how to save the Registered partners and persons using various apps related to the Financial transactions. Seems the app providers like Android and IOS are not responsible for any data loss. As it is a matter of fact is citizens and enterprises are suffering from this type of data breach, which is a huge loss to the economy during this crisis time of COVID-19.
An expert says, the Government of India and MeitY, can make a platform ready before any App( Where there is Financial transactions to take place) to operate in the country, it has to get the clearance in terms of all the security has been rightly implemented.
Paytm is backed by some of world’s leading VC funds such as Ant Financials, Softbank Vision Fund, SAIF Partners, Alibaba Group, Berkshire Hathway and many others and leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators, the online intelligence firm said.