‘John Wick’ was able to upload a backdoor or Adminer on Paytm Mall application website and was able to gain unrestricted access to their entire databases […] According to the messages forwarded to us by the source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, were unverified, but possible,” said a Cyble blogpost on Sunday.

According to Cyble, its sources also forwarded them messages where the perpetrator claimed to have demanded 10 Ethereum (ETH), equivalent to $4,000 and was receiving the ransom payment from the Paytm Mall. One of the tactics used by this group was to act as a ‘grey-hat’ hacker and offer help to companies or victims to fix their bugs, said Cyble in its report. A ‘grey hat’ is a computer hacker who looks for vulnerabilities in platforms and systems, without the owner’s knowledge and asks for a fee to fix the issue.

Paytm Mall had denied this claim and said that it had undertaken measures to verify the matter, with no data breaches detected by its internal cyber security teams.

• LATEST – Sensitive Data of 9.9 Million Mobikwik Users Leaked Online, March 2021

In what is believed to be one of the worst cases of data leaks, important information of 9.9 crore Mobikwik users has been leaked online, which the digital payments company has denied. The disclosure about the data leak was made by cybersecurity analyst Rajashekhar Rajaharia who has also written to the Reserve Bank of India, Indian computer emergency response team, PCI Standards, and payment technology firms, etc.

Mobikwik has denied these claims saying that it is a regulated entity and takes security very seriously. The platform claimed that it is closely working with requisite authorities on this matter, and considering the seriousness of the allegations will get a third party to conduct a forensic data security audit.

The recent data leak is of serious nature as it is said to have exposed important user information including mobile phone number, bank account details, email, and even credit card numbers of 9.9 crore Mobikwik users. Once again after embarrassing the TRAI Chief and UIDAI, the screenshots of the Mobiwik breach were posted on Twitter by French security researcher Elliot Alderson. He called it the “largest KYC data leak in the history”.

Even though Mobikwik has denied this leak, there are number of reasons to believe that a breach was made. First, a group of hackers by the name of Jordandaven emailed the link of the database to PTI. They shared the data of Mobikwik founder Bipin Preet Singh and Mobikwik CEO Upasana Taku from the database.

The hackers who earlier maintained that they only want to get money from the company and do not plan to use it otherwise, pulled down the website it had set up to showcase the stolen data from Mobikwik’s servers, claiming that all of it has been deleted from their servers and the users are now safe.

Digpu News Research

We at Digpu News tried to dig deeper into this pit of OTP troubles, Data Breaches, Banking, Scam Calls and Spam Calls. We asked our employees to keep a track of their bank balances and the calls they received. As it turns out, the frequency of Scam Calls and Spam Calls that one receives, is directly proportional to his/her bank balance. When the Bank Balance of our co-founders Kunwar Devender Singh and Cheshta Bakshi went above a certain amount, the calls seemed to double in frequency and once the bank balance dropped down to a few thousand rupees, they completely stopped.