Paytm suffered a massive data breach as hackers gained unrestricted access to the database. Paytm is an E-commerce payment system and financial company.
According to Cyble, Which is a US-based cyber-risk intelligence company, said the hackers behind the attack goes by the handle “Kelvin Sec” and “John Wick”.
Cyble Inc, also states that “John Wick” has previously broken into multiple Indian companies and demanded ransom from various companies like OTT platform Zee5, fintech startups, Stashfin, Sumo Payroll, Stashfin, i2ifunding, through other aliases such as ‘South Korea’ and ‘HCKINDIA’.
They were able to upload a backdoor on the Paytm Mall website and through that they gained unrestricted access to their entire databases.
However, It is said that it could be an insider job. The volume of data breached is currently unknown. Cyble claims that attackers have demanded 10 ETH, equivalent to USD 4,000.
“We would like to assure that all user as well as company data is completely safe and secure. We invest heavily in our data security, as you would expect. We have been investigating the claims of a possible hack and data breach, and haven’t found any security lapses yet. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” said a Paytm Mall spokesperson.