What Happened

In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand, after which the data was circulated publicly. Further investigation into the data concluded that the breach was fabricated and did not originate from Paytm. The impacted data covered 3.4M unique email addresses along with names, phone numbers, genders, dates of birth, income levels and previous purchases.

Compromised Data

Dates of birth
Email addresses
Genders
Geographic locations
Income levels
Names
Phone numbers
Purchases

Recommended Actions

Monitor for Suspicious Activity

Watch for unusual login attempts, spam and phishing emails.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password

Breach Overview

  • Affected Accounts:

    3.4 million

  • Breach Occurred:

    August 2020

  • Added to HIBP:

    26 Jul 2022

Breach Classification

Some breaches may be flagged as "fabricated". In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy.

Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses unbeknownst to the account holder.

Recommended Actions

Change Your Password

If you haven't changed your Paytm password since 2020, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

Check Other Accounts

If you used the same password elsewhere, change those too.

Monitor for Suspicious Activity

Watch for unusual login attempts or messages from your account.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password