An insider is suspected to have helped the hacking group gain access to the database.
The group with the alias "John Wick" was able to upload a backdoor/Adminer on Paytm Mall application/website, said the report.
It appears the breach affects all accounts and related information at Paytm mall, it added.
"Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well," Cyble said, adding that it could not confirm if the ransom was actually paid.
Leaking data when failing to meet hackers demands is a known technique deployed by various cybercrime groups, including ransomware operators, the online intelligence firm said.
The perpetrator claimed the hack happened due to an insider at Paytm Mall.
The claims, however, are unverified.
In 2019, the company faced a fraud allegedly caused due to their junior employees.
Paytm Mall was yet to respond to the report of the data breach.