A massive database breach has reportedly hit Paytm, a payment system and financial technology company. The infamous hacker group KelvinSecTeam is reportedly responsible for the attack.
Members of the group usually pose as ethical hackers and offer help to companies participating in bug bounty programs. The group seems to have been operating underground for more than 3 years, illegally hacking into systems and accessing sensitive information that belongs to organizations and individuals.
The team's profile on a hacker forum lists its occupation as APT (Advanced Persistent Threats). The domain kelvinsecuritylabs.com was registered with GoDaddy on 2020-05-21.
The hacking group sells stolen databases via store.kelvinsecuritylabs.com or via:
- Email: firstname.lastname@example.org
- Telegram: Contact @kelvinsecurity
The group had tweeted the credentials of hacked accounts.
The volume of data stolen is around 85 GB. Our sources claim that the attackers have demanded a ransom of 10 ETH.
KelvinSecTeam was able to upload the Adminer tool to a Paytm server and gain unrestricted access to its entire databases. Adminer is a single PHP file for managing content in MySQL databases.
Sources also claim the attackers were helped by an insider on Paytm's developer team. The message from the attackers claims they received the database via a Paytm developer. The attackers also claimed they are receiving ransom from Paytm. The hacking team is infamous for selling hacked databases. Its previous behavior indicates that the team leaks stolen information even after a ransom has been paid.
A Paytm spokesperson has assured that the company's data is safe, but has not confirmed the hack.