Posted on August 31, 2020 at 4:24 PM
Paytm Mall, an e-commerce platform, has allegedly suffered a massive data breach. The alleged breach was carried out by the “John Wick” cybercriminal group, which reportedly gained unrestricted access to the company’s entire database.
The claim comes from Cyble Inc, a cyber-risk intelligence platform based in the US. However, Paytm Mall has denied it, causing a bit of confusion.
Allegedly Paying $4,300 In ETH As Ransom
Cyble stated that “John Wick” had already breached an array of India-based companies, collecting ransoms from fintechs, the Zee5 OTT platform, Sumo Payroll, Stashfin, as well as i2ifunding. They did so through an array of aliases, such as “HCKINDIA” and “South Korea.”
Cyble claims that John Wick had managed to upload a backdoor, or Adminer, to the website of the Paytm Mall application, gaining unrestricted access to the platform’s entire database. According to a source, this hack was possible thanks to an insider within Paytm Mall proper. Cyble, in turn, couldn’t verify these reports, but stated it was possible.
Cyble explained that its sources had forwarded messages to the firm. In those messages, it’s claimed that the perpetrator demanded 10 Ethereum, which is about $4,300, in order to give access back to Paytm Mall. Allegedly, Paytm paid it, as well.
This group is well known for its tactic of acting as a “grey hat.” Much like the name suggests, a grey hat sits in between the “good guy” white hat and the “bad guy” black hat. These hackers actively try to breach networks without the permission of the entity owning them, then ask for compensation to fix the issue. John Wick is known to pretend to be a grey hat in order to offer the victim or company a way to fix their issues.
Denial All The Way
In response, Paytm Mall has denied these claims, saying that it had taken measures to verify the matter as well. According to its internal cybersecurity teams, no data breach was detected.
Paytm Mall gave a public statement about the matter, assuring the public that the data of the platform, be it user or company data, are completely secure and safe. They justified this by highlighting how much they invest in cybersecurity.
They state that the claims have been investigated, but no lapses in security have occurred. The company made further attempts to reassure the public by highlighting its Bug Bounty program, which rewards anyone who discloses any form of security risk.
They assured the public that Paytm Mall works extensively in order to safely resolve security anomalies and work with the security research community.
Some Interesting Tidbits
Cyble highlighted how John Wick also seemed to hold a keen interest in India-based companies, in particular. Cyble attributed this to the higher degree of success the group has had in receiving ransom payments from India-based companies.
Alongside this, data leaks are a common reprisal exercised by malicious actors in order to make victims meet the hackers’ demands, and have been deployed by an array of cybercrime groups. This, of course, includes ransomware operators. Cyble is still unable to determine whether or not the ransom itself was actually paid, however.
Cyble highlighted some patterns of John Wick, as well. They explained that the group actively favors attacking tech-based companies, with the ransom demand typically being sent to the support channel emails of the company.
As it stands now, nothing is confirmed: on one side, a bunch of unverifiable sources claim the breach occurred, and on the other, the company denies it. The issue is, companies typically prioritize money-making over morals.
As such, there’s very little incentive for the company to be completely honest about the matter, barring legal mandate. The next question comes as to why someone would start a rumor like that, to begin with, which itself could lead to some new intrigue. It will be interesting to see how this matter pans out, overall.