Recent developments shed light on the alleged data breach incident involving Paytm Mall, with new insights suggesting fabricated data rather than an actual breach. Let’s delve into the details surrounding this revelation.
Context and Updates
On July 29, Troy Hunt, the founder of Have I been Pwned, initially reported a data breach at Paytm Mall in 2020. However, following discussions with Paytm’s information security team, it was revealed that the data did not originate from Paytm and was deemed fabricated.
In a tweet, Troy Hunt stated, “An update on this breach: after loading it into @haveibeenpwned, the head of @paytm’s infosec team reached out and we had a chat about the authenticity of the data, which they believe didn’t originate from them. We now collectively believe it’s fabricated.”
Background on Paytm Mall
Paytm, recognized as a leading wallet and payment services platform, faced allegations of a significant data breach in 2020. Despite the company’s denial, reports surfaced regarding a ransom demand post the alleged breach.
Firefox Monitor, a security tracker by Mozilla, confirmed the data breach, citing the discovery of data belonging to over 3.4 million users online.
Paytm’s Clarification
In response to the allegations, Paytm issued a clarification regarding the leak. A Paytm spokesperson emphasized that user data remained secure, refuting claims of a data breach in 2020 as false and unsubstantiated. The spokesperson mentioned that a fake data dump on haveibeenpwned.com led to inaccurate alerts about a breach on Firefox browser.
Details of Compromised Information
According to Firefox Monitor’s report, compromised data included users’ phone numbers, email addresses, purchase histories, gender, date of birth, location, and income levels. However, sensitive payment information like saved cards remained unaffected.
Checking Data Compromise
If you’re a Paytm user concerned about potential data compromise, you can verify the status using the following steps:
- Visit the Have I been Pwned website.
- Enter your email address or phone number and click “pwned?”
- Review the list of websites or apps where your data may have been compromised.
While Firefox Monitor and Have I been Pwned alerted several users about compromised data during the alleged Paytm breach, the clarification from Paytm indicates a fabricated scenario rather than an actual breach, offering reassurance to users regarding their data security.
