It is believed that cybercrime group with the alias ‘John Wick’ has been able to upload a backdoor on the Mall application or website and gain unrestricted access to the entire database of Paytm Mall. We await confirmation.
The entire database of online shopping platform Paytm Mall may have been hacked. At least if the details released by cyber risk intelligence platform Cyble are to be believed. Cyble, the US based company, has said that a known cybercrime group with the alias ‘John Wick’ has been able to upload a backdoor on the Mall application or website and gain unrestricted access to the entire database of Paytm Mall. At this time, it is not clear what the extent of this breach is, if at all such an incident has happened. And there is also no clarity on whether this has also impacted the database of financial platform Paytm.
News18 has reached out to Paytm for a statement and will update as soon as we hear from the company. The report also claims that this breach has happened because of a Paytm Mall insider. “According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. In 2019, the company faced a fraud allegedly caused due to their junior employees,” says Cyble. There is also talk of hackers making ransom demands, but that claim remains unverified—but sources say that the hackers have demanded 10 ETH (Ethereums) which is equivalent to US$4,000. According to the latest conversion figures, 1 ETH is equal to around US$424. Ethereum is a cryptocurrency platform.
“We would like to assure that all user, as well as company data, is completely safe and secure… We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet,” a Paytm Mall spokesperson said in a statement reported by PTI. The company also says, “We extensively work with the security research community and safely resolve security anomalies.”
Paytm has the backing of some of the world’s leading VC funds including Ant Financials, Softbank Vision Fund, SAIF Partners, Alibaba Group and Berkshire Hathway. Incidentally, Paytm also runs a bug-bounty program where they invite researchers to submit security issues. Paytm Mall is part this program. In India, the Paytm Mall online shopping platform competes with the likes of Amazon.in and Flipkart in India. At this time, the Paytm platform is one of the, if not the largest, digital payment platforms in India. Paytm offers digital payments including bill payments, money transfers as well as investments. Paytm at this time is also rolling out stock trading as part of the Paytm Money app.
The Cyble report says that “John Wick” is the same actor or a group of people who have hacked multiple organizations in India and collected ransoms. They use aliases such as “South Korea” and “HCKINDIA”. The previous companies or platforms that the group has hacked include Zee5, SquareYards, Stashfin, Sumo Payroll, Square Capital, i2ifunding and e27.