Skip to main content

Online grocery store BigBasket leaks out big data - possibly 20 million

Data Breach
(Image credit: Shutterstock)
Audio player loading…

Well-known e-grocer BigBasket is said to have suffered a data breach and various details of around 20 million users may have been leaked on the dark web, according to a American cybersecurity firm. 

Data worth Rs 30 lakh has been sold, according to the research team of the Atlanta-based Cyble Inc, which found out the breach during routine 'dark web monitoring'.

In a blog post, it said: "the Research team at Cyble found the database of Big Basket for sale in a cyber-crime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others." 

Cyble, which says that the breach occurred on October 30, has already informed the management team of the leak and they are currently working towards a disclosure process.

BigBasket's response

The Bengaluru-based BigBasket said, in a statement, that the privacy and confidentiality of customers was a priority and it does not store any financial data including credit card numbers. The company said that it is confident that this financial data is secure.

"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” it added. 

BigBasket said that it learnt a few days ago about a potential data breach. The company is evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. "We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” BigBasket said in the statement.

Cyble's previous work 

Recently, Cyble had also brought to light the hacking at Paytm Mall, the e-commerce marketplace wing of Paytm. John Wick, the hacker group allegedly behind the breach, was also instrumental in hacking the Twitter account linked to Indian Prime Minister Narendra Modi's personal website and a mobile app.

The dos and donts to avoid data breach

Cyble lists out a few ways to prevent cyber-attacks. (Image credit: Cyble)

Cyble has also exposed data breaches in companies like Truecaller, Dunzo, Unacademy, Naukri.com, Bharat Earth Movers Limited (BEML), LimeRoad and IndiaBulls.

Source: Cyble

Balakumar K

Over three decades as a journalist covering current affairs, politics, sports and now technology. Former Editor of News Today, writer of humour columns across publications and a hardcore cricket and cinema enthusiast. He writes about technology trends and suggest movies and shows to watch on OTT platforms.