Data breach at Paytm Mall

You are currently viewing Data breach at Paytm Mall

 

On July 27, Paytm Mall refuted claims that a hack in 2020 exposed the data of its patrons. Customers were informed by the website haveibeenpwned.com that a data breach involving Paytm had affected approximately 34 lakh user accounts. The firm then released a statement.

Additionally, Mozilla Firefox Monitor collected the information and uploaded the breach to its website. On July 26, Paytm was added to the website’s list of the most recent data breaches, which lets users check whether their personal information has been exposed. Firefox Monitor, an online tool created by Mozilla, has publicly acknowledged the data breach two years after it was allegedly experienced by Paytm Mall, the e-commerce division of Paytm.

Paytm and Paytm Mall

Paytm Mall, the e-commerce division of the financial services company Paytm, was established in 2017.

For its consumers, Paytm has established the online shopping portal Paytm Mall. Simply said, Paytm Mall provides its consumers with a mall and market in one. You may shop for millions of various sorts of things from many different merchants, including fashion accessories, electronics, furniture, and other items that are not offered by Paytm, via the Paytm Mall app. Additionally, you may utilize your Paytm Mall coupons to get rebates and rewards on your purchases. One may argue that Paytm Mall is only a shopping destination where users can save money by applying different Paytm Mall coupons.

However, Paytm Mall does not allow you to recharge your phone, pay bills, purchase tickets for a variety of purposes, or engage in other financial operations. You can only carry out such tasks using Paytm Mall.

On Paytm Mall, you may purchase an infinite variety of goods from an infinite number of vendors, including everything from phones and furniture to clothing and cosmetics. With the help of the Paytm Mall coupons, you can get them at a bargain price. CashKaro enables you to get additional cashback on your purchases. To order the things you want through CashKaro, just apply your Paytm Mall promotional coupons. Due to the partnerships between CashKaro and Paytm Mall, you will be assured cashback.

The News of Paytm Leak

A report from August 2020 said that the hack had exposed 3.4 million accounts. At the time, Paytm Mall refuted accusations and said that no hack had occurred. However, Firefox Monitor again mentions a data breach on Tuesday, stating that “Once the breach was detected and validated, it was uploaded to our database on July 26, 2022.”

It is claimed that information such as phone numbers, email addresses, dates of birth, genders, income levels, and localities has been hacked. According to Firefox Monitor, Have I Been Pwned, a service that enables users to search across numerous breaches gave the breach data. According to the allegation, a hacking organization going by the name of “John Wick” was able to obtain complete access to the Paytm Mall database and has requested ransom in return for the data.

Have I Been Pwned said on Twitter the data included 3.4 million distinct email addresses, of which 77% were already in the @haveibeenpwned database? According to Firefox Monitor, a website data breach occurs when online accounts’ personal information is taken, copied, or exposed by cyber criminals. Credentials revealed in a data breach may take months or years to surface on the dark web. As soon as a breach is identified and confirmed, it is immediately uploaded to the database, according to Firefox Monitor.

A spokesman for Paytm Mall vehemently denied the breach, stating that all customer data was secure and that any accusations of a data leak in 2020 were untrue and unsupported.

“It appears that a false dump posted on the website haveibeenpwned.com misinformed alerted of a data breach on Firefox browser. To remedy the problem, we are speaking with Firefox and the platform, the representative stated.

The Other side of the coin

The Indian e-commerce company Paytm Mall is a division of the financial services company Paytm. According to Atlanta-based cyber security company Cyble, a known hacker was able to get full access to Paytm Mall’s database by placing a backdoor on the website of the Indian e-commerce company.

The explanation followed claims made by US-based cyber research firm Cyble that a hacker gang using the identity “John Wick” was able to access Paytm Mall’s databases without restriction.

According to Cyble’s intelligence, the attack occurred “thanks to an insider at Paytm Mall,” although the assertions are unsubstantiated.

“Our sources also sent us communications in which the criminal stated they were also getting the ransom money from the Paytm Mall. Data leakage is a well-known tactic used by a variety of cybercrime organizations, including ransomware operators. We are not aware that the ransom was paid as of yet,” Cyble stated.

According to reports, the attacker requested 10 ETH (Ethereum), which is equal to USD 4,000. Cyble claimed to have contacted Paytm Mall for any remarks and is still expecting a response.

The firm makes significant investments in data protection, the representative continued, and it also has a Bug Bounty program that rewards responsible disclosure of any security issues.

The representative stated, “We closely collaborate with the security research community and securely fix security abnormalities.

RBI prohibits Paytm Payments Bank from accepting new clients

Regarding “some substantial supervisory issues noticed in the bank,” the Reserve Bank of India on 2020 ordered Paytm Payments Bank Ltd. to immediately cease onboarding new clients. The RBI declared that it was taking action against the payments bank by section 35A of the Banking Regulation Act of 1949. The RBI stated in a statement posted on its website that “the bank has also been asked to hire an IT audit company to perform a full System Audit of its IT system.”

Following the assessment of the IT auditors’ findings, the RBI will need to specifically approve Paytm Payments Bank Ltd.’s request to onboard new clients. According to statistics on its website, the banking division of digital payments company Paytm, which is funded by China’s Ant Group and Japan’s SoftBank, offers services to more than 300 million wallets and 60 million accounts.

Paytm’s Statement against the Leak

The CEO of Paytm Payments Bank, Mr. Vijay Shekhar Sharma has stated that there has been virtually no observation, remark, or feedback about any issue relating to data access or sharing, much alone the addition of Chinese flavor. It is incredibly sensational, ridiculous, and irrational for someone to present this as observation when no nearby or distant reference could be even somewhat understood as having any connection to the news that is the subject of Paytm rumors. Since the outset, Paytm bank systems have been entirely secure in India. The system is entirely controlled and supervised by numerous IT rules of the central bank, RBI, and payment regulators, as well as by localization laws in India.

After looking into rumors of a potential hack and data breach, Paytm Mall, the company’s e-commerce division, announced on Sunday that it had not yet discovered any security flaws.

 

 

 

 

 

 

 

 

 

Leave a Reply