Mystery surrounds alleged Paytm Mall hack, as security firm hit by legal threat

Graham Cluley
Graham Cluley
@[email protected]

Mystery surrounds alleged Paytm Mall hack, as security firm hit by legal notice

According to media reports, India’s leading online shopping app has sent a legal notice to a US security firm demanding that they stop spreading “false” claims that it has been hacked.

Indian financial newspaper Mint says that Paytm Mall has sent the legal notice to Atlanta-based Cyble Inc, which at the end of last month published a blog post (archived here) claiming that the Paytm Group had suffered a “massive data breach” after a hacking group known as “John Wick” had uploaded unauthorised code:

“A known cybercrime group with the alias ‘John Wick’ was able to upload a backdoor/Adminer on Paytm Mall application/website and was able to gain unrestricted access to their entire databases.”

Cyble went on to speculate that the hack might have been assisted by an insider at Paytm Mall.

Furthermore, in its report Cyble said it had been told that the attackers had demanded a cryptocurrency ransom of 10 ETH (approximately US $4,000) be paid.

The blog post clearly wasn’t appreciated by Paytm Mall, which has denied that it has suffered any security breach.

Sign up to our free newsletter.
Security news, advice, and tips.

In its legal notice to Cyble, Paytm Mall gives Cyble one week to issue a public statement saying that its blog post was inaccurate, or it will take the matter to court.

The notice also says:

“The most astonishing fact is that since your organisation is in the business of providing services around this area i.e. cyber threats, risks, and cyber security, thus we expected more sensible, professional and ethical standards from your side…”

“…please note that your aforesaid unprofessional and callous act in circulating an unverified and false piece of information in the public has already done damage to the company, as our customers are completely disrupted and terrified by this information.”

To add an extra twist to the story, last week a Twitter account connected to Indian Prime Minister Narendra Modi was hijacked by hackers.

And what did the hackers post on the Indian PM’s account?

A claim that they were the “John Wick” hacking group, and that they had *not* hacked Paytm Mall.


At the time of writing, Cyble does not appear to be backing down. Its blog post about the alleged data breach at Paytm Mall is still live on its site

So what’s going on?

Has Cyble made a mistake? Has Paytm Mall been hacked or not? Will we eventually see a data breach notification from Paytm Mall or will Cyble remove its blog post? Is it possible that some middle ground might be true – maybe a bounty-seeking hacker found a vulnerability on Paytm’s website and was able to use it to extract data, albeit without the intention of exploiting it maliciously?

I haven’t the foggiest. Only time will tell…

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.