Online intelligence firm Cyble on Sunday said that a cybercrime group demanded ransom after gaining unrestricted access to the entire databases of Paytm Mall, although the e-commerce platform denied the claims. The cybercrime group with the alias "John Wick" was able to upload a backdoor/Adminer on Paytm Mall application/website, said Cyble.

A Paytm Mall spokesperson, however, said that the claims are "absolutely false" and that user data, as well as company data, is secure.

“We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” a Paytm Mall spokesperson said.  

Cyble said that the breach appears to have affected all accounts and related information at Paytm mall, it added.

"Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well," Cyble said, adding that it could not confirm if the ransom was actually paid. 

Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators, the online intelligence firm said.

The perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified. In 2019, the Paytm group faced a fraud allegedly caused due to their employees.

The group "John Wick" has other aliases such as "South Korea", "HCKINDIA". According to Cyble, they have previously targeted Zee5, SquareYards, Stashfin, etc. “One of the tactics used by this group is ‘to act’ as a grey-hat hacker and offer help to companies or victims to fix their bugs,” Cyble said. 

With IANS inputs