According to media reports, India’s leading online shopping app has sent a legal notice to a US security firm demanding that they stop spreading “false” claims that it has been hacked.
Indian financial newspaper Mint says that Paytm Mall has sent the legal notice to Atlanta-based Cyble Inc, which at the end of last month published a blog post (archived here) claiming that the Paytm Group had suffered a “massive data breach” after a hacking group known as “John Wick” had uploaded unauthorised code:
“A known cybercrime group with the alias ‘John Wick’ was able to upload a backdoor/Adminer on Paytm Mall application/website and was able to gain unrestricted access to their entire databases.”
Cyble went on to speculate that the hack might have been assisted by an insider at Paytm Mall.
Furthermore, in its report Cyble said it had been told that the attackers had demanded a cryptocurrency ransom of 10 ETH (approximately US $4,000) be paid.
The blog post clearly wasn’t appreciated by Paytm Mall, which has denied that it has suffered any security breach.
In its legal notice to Cyble, Paytm Mall gives Cyble one week to issue a public statement saying that its blog post was inaccurate, or it will take the matter to court.
The notice also says:
“The most astonishing fact is that since your organisation is in the business of providing services around this area i.e. cyber threats, risks, and cyber security, thus we expected more sensible, professional and ethical standards from your side…”
“…please note that your aforesaid unprofessional and callous act in circulating an unverified and false piece of information in the public has already done damage to the company, as our customers are completely disrupted and terrified by this information.”
To add an extra twist to the story, last week a Twitter account connected to Indian Prime Minister Narendra Modi was hijacked by hackers.
And what did the hackers post on the Indian PM’s account?
A claim that they were the “John Wick” hacking group, and that they had *not* hacked Paytm Mall.
At the time of writing, Cyble does not appear to be backing down. Its blog post about the alleged data breach at Paytm Mall is still live on its site
So what’s going on?
Has Cyble made a mistake? Has Paytm Mall been hacked or not? Will we eventually see a data breach notification from Paytm Mall or will Cyble remove its blog post? Is it possible that some middle ground might be true – maybe a bounty-seeking hacker found a vulnerability on Paytm’s website and was able to use it to extract data, albeit without the intention of exploiting it maliciously?
I haven’t the foggiest. Only time will tell…
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.