Paytm Mall breach allegation found to be fabricated, withdrawn

An allegation that user data of Paytm Mall was leaked in 2020 has been retracted by the owner of Haveibeenpwned.com, a website that keeps users informed about their online accounts that have been compromised in a breach. The platform’s owner Troy Hunt clarified in a Twitter post that data has no connection to Paytm and the breach seems fabricated. Paytm Mall rejected the claim last week and said in a statement that the data of its users is completely safe. 

In August 2020, a report claimed that 3.4 million accounts were compromised during the breach, exposing information like phone numbers, email addresses, dates of birth, gender, geographic locations, income levels, names and purchases.

At that time, Paytm Mall denied claims and said there was no hack at all. But earlier this week, Firefox Monitor again cited a data breach said they “added the breach in their database on July 26, 2022, after discovering and verifying it”. 

“A website data breach happens when cyber criminals steal, copy or expose personal information from online accounts. It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. Breaches get added to its database as soon as they have been discovered and verified,” Firefox Monitor said. 

Strongly denying the breach, Paytm Mall spokesperson said that the “data of its users is completely safe and claims related to a data leak in the year 2020 are completely false and unsubstantiated”.

"A fake dump uploaded on the platform haveibeenpwned.com appears to wrongly alert of a data breach on Firefox. We are in touch with Firefox and the platform to resolve the matter," the company had said.

Paytm was recently in the news after its IPO tanked on the share market.