[BreachExchange] Mystery surrounds alleged Paytm Mall hack, as security firm hit by legal threat

Destry Winant destry at riskbasedsecurity.com
Wed Sep 9 10:11:32 EDT 2020


https://grahamcluley.com/mystery-surrounds-alleged-paytm-mall-hack-as-security-firm-hit-by-legal-notice/

According to media reports, India’s leading online shopping app has
sent a legal notice to a US security firm demanding that they stop
spreading “false” claims that it has been hacked.

Indian financial newspaper Mint says that Paytm Mall has sent the
legal notice to Atlanta-based Cyble Inc, which at the end of last
month published a blog post (archived here) claiming that the Paytm
Group had suffered a “massive data breach” after a hacking group known
as “John Wick” had uploaded unauthorised code:

“A known cybercrime group with the alias ‘John Wick’ was able to
upload a backdoor/Adminer on Paytm Mall application/website and was
able to gain unrestricted access to their entire databases.”

Cyble went on to speculate that the hack might have been assisted by
an insider at Paytm Mall.

Furthermore, in its report Cyble said it had been told that the
attackers had demanded a cryptocurrency ransom of 10 ETH
(approximately US $4,000) be paid.

The blog post clearly wasn’t appreciated by Paytm Mall, which has
denied that it has suffered any security breach.

In its legal notice to Cyble, Paytm Mall gives Cyble one week to issue
a public statement saying that its blog post was inaccurate, or it
will take the matter to court.

The notice also says:

“The most astonishing fact is that since your organisation is in the
business of providing services around this area i.e. cyber threats,
risks, and cyber security, thus we expected more sensible,
professional and ethical standards from your side…”

“…please note that your aforesaid unprofessional and callous act in
circulating an unverified and false piece of information in the public
has already done damage to the company, as our customers are
completely disrupted and terrified by this information.”

To add an extra twist to the story, last week a Twitter account
connected to Indian Prime Minister Narendra Modi was hijacked by
hackers.

And what did the hackers post on the Indian PM’s account?

A claim that they were the “John Wick” hacking group, and that they
had *not* hacked Paytm Mall.

At the time of writing, Cyble does not appear to be backing down. Its
blog post about the alleged data breach at Paytm Mall is still live on
its site.

So what’s going on?

Has Cyble made a mistake? Has Paytm Mall been hacked or not? Will we
eventually see a data breach notification from Paytm Mall or will
Cyble remove its blog post? Is it possible that some middle ground
might be true – maybe a bounty-seeking hacker found a vulnerability on
Paytm’s website and was able to use it to extract data, albeit without
the intention of exploiting it maliciously?

I haven’t the foggiest. Only time will tell…
