India's Most Popular Shopping App Demands US Cybersecurity Startup Stops Hacking Claims
India's most popular online shopping app, Paytm Mall, has sent a 'seize and desist' notice to US cybersecurity startup, Cyble, demanding it stops claiming the app's database has been hacked.
In a blog post on August 30 this year, Cyble claimed it had been tipped off by an alleged ex-member of a hacking group - known as John Wick - that the group had uploaded "a backdoor/Adminer on Paytm Mall application/website and was able to gain unrestricted access to their entire databases." The post then said the perpetrator demanded 10 ETH (Etheruem), equivalent to US$4,000.
The blog also speculated the hack might have been an inside job: "(They) claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible."
As if to show prior inside job 'form', Cyble pointed to a 2019 case, where Paytm Mall faced a fraud caused by junior employees allegedly colluding with sellers to earn cashbacks.
In response to Cyble's blog post, Paytm Mall denied it suffered any security breach and showed its displeasure.
"You have attempted to prey on the reputation of our company by feeding counterfactual and fallacious information to the innocent public who are vulnerable to misinformation," stated the legal notice.
Cyble has acknowledged receiving the notice and will duly put forward all the relevant facts.
As if things weren't interesting enough, a Twitter account linked to Indian Prime Minister, Narendra Modi, was hijacked and the perpertrators, who claimed to be members of John Wick, stated they hadn't hacked Paytm Mall.
Cyble has seven days (from Sept. 4) to respond to the seize and desist notice, after which time criminal and civil suits 'will result'.
Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.