wordpress blog stats
Connect with us

Hi, what are you looking for?

Paytm Mall denies any data breach, claims cybersec firm never contacted them

Paytm Mall, data breach
Credit: Aditi Agrawal

Paytm Mall has denied that its databases have been breached and called Cyble’s report about the hack and subsequent ransom “absolutely false”. In a message to MediaNama, the company’s spokesperson also denied Cyble’s claim that the cybersecurity firm had contacted Paytm Mall informing them about the breach. However, Beenu Arora, the founder and CEO of Cyble, said, “There was some noise about the Paytm Mall breach for some time, but the credible intelligence was received last week only. We reached to Paytm as well and asked for their comments. It’s likely the individual/s may have missed the message – we can’t comment on that.” He further told us that since the disclosure, “Cyble has been in touch with Paytm Group and has provided relevant information for their internal investigations.”

Arora told us that Cyble reached out to Paytm via their social media channels since the company doesn’t have an existing relationship with Paytm. We have asked Arora for the date of contact.

What happened? On Sunday, Cyble, an Atlanta-based cybersecurity firm, alleged that a known cybercrime group, called “John Wick”, used a backdoor in the Paytm Mall website and application to gain unrestricted access to the company’s entire databases. The company alleged that this “potentially affects all accounts and related information at Paytm mall”. Cyble got this information from a former member of the group “John Wick” and this member reportedly claimed that this hack was made possible by an insider in Paytm Mall.

What did “John Wick” want? As per Cyble, “John Wick” demanded 10 ether (ETH), a type of cryptocurrency equivalent to US$4,000, as ransom for the data. At this stage, Cyble wrote, they didn’t know if the ransom had been paid. “John Wick” is the same group that had earlier allegedly breached Zee5 and asked for a “donation” of 10 ETH to help the company fix the bugs. This group had also allegedly acquired booking details (including PAN details) of customers of Square Yards, PAN, Aadhaar and bank details of companies and employees listed with Sumo Payroll, and similar details from Stashfin.

Paytm Mall has denied all claims: A Paytm Mall spokesperson, in a statement to MediaNama, denied the entire report. In response to our questions, the spokesperson said that Cyble did not get in touch with the company informing it about the alleged breach. On Cyble’s claims that this was an insider job and a ransom has been demanded, the spokesperson said, “This news is absolutely false, their has been no conversation and no ransom asked [sic].”

Advertisement. Scroll to continue reading.

“We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies.”
— Paytm Mall spokesperson

The Alibaba and e-Bay backed company had 5.5 million daily active users in 2018 and 80,000 sellers in 2018, but that number has reportedly declined after it cut cashbacks by over 80%. In 2019, the company had discovered a fraud of ₹10 crore related to cashbacks and as a result had fired 10 employees and delisted hundreds of sellers.

***Update (August 31, 2020 2:23 pm): Added that Cyble reached out to Paytm on social media. Originally published on August 31, 2020 at 2:04 pm.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



India and US come to terms on how to deal with the equalisation levy in light of the impending Global Tax Deal.


Find out how people’s health data is understood to have value and who can benefit from that value.


The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ