Hours after US-based cyber research firm Cyble said that a hacker group 'John Wick' was able to gain unrestricted access to Paytm Mall's databases, the company refuted claims of a data breach. Paytm Mall on August 30 said it has not found any security lapses yet after investigating claims of a possible hack and data breach.
"We would like to assure that all user, as well as company data, is completely safe and secure... We have been investigating the claims of a possible hack and data breach, and haven't found any security lapses yet," a Paytm Mall spokesperson said in a statement.
Paytm Mall suffers massive data breach as hackers gain 'unrestricted access' into database: Report
The spokesperson further said that the company invests heavily in data security, and also has a Bug Bounty programme under which it rewards responsible disclosure of any security risks. "We extensively work with the security research community and safely resolve security anomalies," the spokesperson said.
Cyble said that based on information available to it, the hack happened "due to an insider at Paytm Mall."
Cyble in an official update said, "The claims (of the hack), however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid.”
Cyble also claimed that attackers have demanded 10 ETH, equivalent to USD 4,000.
Paytm Mall is the e-commerce unit of payment solutions provider Paytm. Last year, Paytm found itself in the midst of Rs 10 crore fraud. The company found out that some sellers were colluding with junior employees to earn a large percentage of cashback.
Some employees of the Alibaba-backed Paytm allegedly worked with third-party vendors and created fake orders to siphon off cashback offers, according to reports.
Also read: Cybersecurity attack: Your questions about what it is, its various types & how to be safe answered
