Paytm Mall sends legal notice to US cybersecurity firm over data breach claim

Indian e-commerce giant Paytm Mall has slapped a legal notice against cybersecurity startup Cyble Inc after it claimed that there has been a huge data breach of its database.
US-based cyber intelligence group on August 30 said a huge chunk of data from India’s e-commerce website has been compromised by international hackers. The massive data breach at Paytm which was targeted by an international hacking group known as ‘John Wick’.
Now, the e-commerce firm through its legal notice has asked Cyble to immediately stop making any further false claims on the matter, and issue a public communication stating that the contents of its August 30 blog post are incorrect.
Paytm Mall has given Cyble a week’s time to comply with its requests. In case of non-compliance, the e-commerce firm said that it will move to court and initiate civil and criminal proceedings against the cybersecurity company.
“…you have attempted to prey on the reputation of our company by feeding counterfactual and fallacious information to the innocent public who are vulnerable to misinformation,” the document said.
“The most astonishing fact is that since your organisation is in the business of providing services around this area i.e. cyber threats, risks, and cyber security, thus we expected more sensible, professional and ethical standards from your side,” said Paytm Mall to Cyble, as a part of its legal notice.
“[…]please note that your aforesaid unprofessional and callous act in circulating an unverified and false piece of information in the public has already done damage to the company, as our customers are completely disrupted and terrified by this information,” added Paytm Mall, in its legal notice.
A spokesperson of Cyble told ET that it had received Paytm Mall’s notice related to its blog post about the security breach.
“In this regard, Cyble states that the said notice is under review and a suitable reply shall be given to Paytm Mall placing on record all the relevant facts and its stand,” a spokesperson for the cybersecurity firm said in an email.
Cyble in their blog post wrote a known cybercrime group with the alias ‘John Wick’ was able to upload a backdoor on Paytm Mall application/website and was able to gain unrestricted access to their entire databases.
Hacker group John Wick is said to be responsible for the Paytm Mall database breach. The malicious group has been known for hacking the database of companies under the guise of helping them fix bugs in the system. John Wick is the same notorious group which broke into multiple India companies, and collected ransoms from various organizations. The actor has other aliases such as “South Korea”, “HCKINDIA”.
The volume of data under the control of hackers is still not known. Cyble inc then claimed that attackers have demanded 10 ETH, equivalent to USD 4,000.
“According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid,” Cyble stated in an official update.