Paytm Mall breach data is fabricated, says Have I been Pwned founder Troy Hunt

Paytm Mall breach data is fabricated, says Have I been Pwned founder Troy Hunt
Representational image.BCCL
  • An earlier report had suggested that Paytm Mall suffered a massive data breach in August 2020.
  • It was expected that the breach had compromised data such as the user’s phone number, email address, purchase history, and more.
  • An investigation by Troy Hunt has now revealed that the breached data has been fabricated.
Update on July 29: Troy Hunt, the founder of Have I been pwned, the platform that had earlier claimed that a data breach occurred at Paytm Mall in 2020 has now revealed that after a chat with Paytm’s team, he has discovered that the data did not originate from Paytm and that it was fabricated.

“An update on this breach: after loading it into @haveibeenpwned, the head of @paytm's infosec team reached out and we had a chat about the authenticity of the data, which they believe didn't originate from them. We now collectively believe it's fabricated,” Troy Hunt said in a tweet.

Paytm, one of the largest wallet and payment services platforms, reportedly suffered a massive data breach in 2020. While the company has not accepted this, it had reportedly received a ransom demand after the data breach.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
Firefox Monitor, a security tracker by Mozilla that informs users if their mobile number or email has been compromised in a data breach, has today confirmed that Paytm suffered a data breach in 2020 and that data of over 3.4 million users has been discovered online.

Update - Paytm has clarified the leak. “The data of our users is completely safe & claims related to data leak in the year 2020 are completely false and unsubstantiated. A fake dump uploaded on the platform appears to wrongly alert of a data breach on Firefox browser. We are getting in touch with Firefox and the platform to resolve the matter," a Paytm spokesperson said in a statement to Business Insider India.


What information was compromised in the data breach?

According to a report by Firefox Monitor, the data breach compromised information such as the user’s phone number, email address, purchase history, gender, date of birth, location and income levels.

Fortunately, payment information such as saved cards was not compromised during the data breach.

You need not change your passwords as the data breach did not compromise the passwords.

How to find out if your data was compromised?

If you are a Paytm user and wish to know if your data has been compromised, you can follow the below steps –

  • Go to Have I been pwned website here.
  • Enter your email address or phone number and click “pwned?”.
  • You will then be able to see all the websites or apps where your data was compromised.
Several users have been warned by Firefox Monitor, and Have I been pwned that their data was compromised during the breach on Paytm.


OnePlus 10T to launch soon in India – launch date, expected specifications and everything you need to know

Redmi K50i review: A solid performer but lacks the charm of its predecessor

Google rolls out final Android 13 beta – eligible devices, how to download, and everything you need to know