Paytm Mall Hacked! Ransom Demanded By Hackers To Release Data
The e-commerce unit of payment solutions provider Paytm, Paytm Mall, on Sunday said it has not found any security lapses yet after investigating claims of a possible hack and data breach.
The clarification came after US-based cyber research firm
Cyble had said a hacker group with the alias 'John Wick' was able to gain
unrestricted access to Paytm Mall's databases.
"We would like to assure that all user, as well as
company data, is completely safe and secure... We have been investigating the
claims of a possible hack and data breach, and haven't found any security
lapses yet," a Paytm Mall spokesperson said in a statement.
The spokesperson added that the company invests heavily in
data security, and also has a Bug Bounty programme under which it rewards
responsible disclosure of any security risks.
"We extensively work with the security research
community and safely resolve security anomalies," the spokesperson said.
Cyble, in a blog, had said: "...it appears the actor gained access to their
production database and potentially affects all accounts and related
information at Paytm Mall".
Cyble said based on information available to it, the hack
happened "due to an insider at Paytm Mall" and noted that the claims,
however, are unverified.
"Our sources also forwarded us the messages where the
perpetrator also claimed they are receiving the ransom payment from the Paytm
Mall as well. Leaking data when failing to meet hackers demands is a known
technique deployed by various cybercrime groups, including ransomware
operators. At this stage, we are unaware that the ransom was paid," Cyble
said.
The perpetrator had reportedly demanded 10 ETH (Ethereum)
equivalent to $4,000. Cyble said it has reached out to Paytm Mall for any
comments and is awaiting to hear back.
Comments
Post a Comment