According to security watchdog Firefox Monitor, Paytm experienced a massive data breach in 2020 that affected over 3.4 million consumers. The data breach also exposed other purportedly personal information, including gender, location, income level, and transaction details.
In a statement outlining the data breach, Firefox Monitor said, “A website data breach happens when cyber criminals steal, copy, or expose personal information from online accounts. It’s usually a result of hackers finding a weak spot in the website’s security. Breaches can also happen when account information gets leaked by accident.” The security tracker responded to speculations about why it took two years to report the leak, saying that it "can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. Once they are identified and confirmed, breaches are added to our database."
Paytm Mall, the e-commerce subsidiary of Paytm, dismissed the report and stated that all of its consumers' data is secure. Paytm Mall issued a statement, “The data of our users are safe and claims related to a data leak in the year 2020 are completely false and unsubstantiated. A fake dump uploaded on the platform haveibeenpwned.com appears to be wrongly alert of a data breach on Firefox. We are in touch with Firefox and the platform to resolve the matter.”
Paytm Mall dismissed the reports as baseless, claiming that the hacker and cyber-risk intelligence agency Cyble, who had raised the alarm about a possible data breach at Paytm in 2020, had independently certified that there was no breach. It is worth noting that the clarification came from Paytm Mall rather than Paytm.
Cyble reported in August 2020 that Paytm's e-commerce division had experienced a data breach. The US-based agency also claimed that the attackers demanded a cryptocurrency ransom in exchange for the data. Later, Paytm approached Cyble with a legal notice, threatening civil and criminal procedures. As a result, Cyble retracted its claims and stated that no breach occurred.
The news comes at a time when Indian companies are dealing with increasing cyberattacks that have prompted concerns about their cybersecurity infrastructure. Policybazaar, a fintech company, announced earlier this week that its IT systems had been hacked and were vulnerable to illegal and unauthorised access.