The alleged breach took place on August 30, 2020 and compromised user data such as mobile numbers, email addresses, dates of birth: Firefox Monitor
Other confidential information such as gender, geographic location, income level as well as purchase details were also allegedly leaked in the data breach
The data of our users is completely safe and claims related to data leak in the year 2020 are completely false and unsubstantiated: Paytm Mall
Fintech major Paytm allegedly suffered a major data breach in 2020 that affected close to 3.4 Mn customers, according to security tracker Firefox Monitor.
The alleged breach took place on August 30, 2020 and compromised user data such as mobile numbers, email addresses, dates of birth. Other purported confidential information such as gender, geographic location, income level as well as purchase details were also leaked in the data breach.
“A website data breach happens when cyber criminals steal, copy, or expose personal information from online accounts. It’s usually a result of hackers finding a weak spot in the website’s security. Breaches can also happen when account information gets leaked by accident,” Firefox Monitor said while describing the data breach.
On questions about why it took two years to report the leak, the security tracker said, “It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. Breaches get added to our database as soon as they have been discovered and verified.”
Meanwhile, Paytm’s ecommerce arm Paytm Mall rubbished the report and said that data of all its users is safe
“The data of our users is completely safe and claims related to data leak in the year 2020 are completely false and unsubstantiated. A fake dump uploaded on the platform haveibeenpwned.com appears to wrongly alert of a data breach on Firefox. We are in touch with Firefox and the platform to resolve the matter,” Paytm Mall said in a statement.
Terming the reports unsubstantiated, Paytm Mall claimed that the hacker and the cyber-risk intelligence firm Cyble, who had raised alarm over a possible data breach at Paytm in 2020, had themselves confirmed that there was no breach
It is pertinent to note that the clarification came from Paytm Mall, not Paytm
Inc42 has reached out to Paytm to know if any other arm of it was affected by the alleged data breach. The story will be updated as and when the fintech major responds.
In August 2020, Cyble had claimed that the ecommerce arm of Paytm had suffered a data breach. The US-based firm had also alleged that the attackers were demanding ransom in cryptocurrency in exchange for the data.
Later, Paytm slapped a legal notice on Cyble, warning the cybersecurity firm of civil and criminal proceedings. Consequently, Cyble recanted its claim and said that there was no breach.
The development comes at a time when Indian companies are grappling with growing cyberattacks that have raised alarm over the cybersecurity apparatus within these firms. Earlier this week, fintech player Policybazaar reported that its IT systems had suffered a cyberattack and were subject to illegal and unauthorised access.
Cleartrip also informed its customers this month that it had suffered a data breach that exposed the personal details of some customers. The Securities and Exchange Board of India (SEBI) also lodged an FIR recently over a cyber security incident involving its email system.
The government recently informed the Parliament that more than 6.74 Lakh cybersecurity incidents were reported in the first six months of 2022.