Paytm Mall data breach – Hackers gain ‘unrestricted access’ into database

The incident remains unverified however report from the cyber security firm Cyble suggests hackers are demanding ransom from Paytm Mall and selling its data on hacker forums.

The Indian e-commerce payment system and financial technology company Paytm has allegedly suffered a massive data breach after hackers accessed its Paytm Mall database. 

Although it is unclear how much data was stolen from the company or what was included in the stolen data, according to cybersecurity firm Cyble the hackers behind the attack go by the online handle of “John Wick” and “Kelvin Sec.” 

Cyble also states that hackers gained “unrestricted access to their entire databases” after uploading a backdoor/Adminer on Paytm Mall application and website. 

What’s worse for PayTM that the hackers are reportedly demanding ransom and threatening to leak the data if their demands are not met. Moreover, researchers are also hinting that if the breach did take place it could be an “insider job” as well.

According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. In 2019, the company faced a fraud allegedly caused due to their junior employees, Cyble said in a blog post.

On the other hand, Hackread.com has identified a post on a Russian hacker forum where “Kelvin Sec” is claiming to sell the Paytm Mall’s database. The hacker hasn’t shared any proof of the data however they are urging potential buyers to contact them through email.

Furthermore, Cyble confirmed that hackers have demanded 10 ETH for the data which was around $4,233 at the time of publishing this article.

“Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hackers’ demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid,” Cyble stated in an official update, Cyble wrote.

Hackread.com contacted Paytm but all emails sent to the company’s customer service email addresses bounced back.

This article will be updated accordingly. Stay tuned! 

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.