Well-known e-grocer BigBasket is said to have suffered a data breach and various details of around 20 million users may have been leaked on the dark web, according to a American cybersecurity firm.
Data worth Rs 30 lakh has been sold, according to the research team of the Atlanta-based Cyble Inc, which found out the breach during routine 'dark web monitoring'.
In a blog post, it said: "the Research team at Cyble found the database of Big Basket for sale in a cyber-crime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others."
Cyble, which says that the breach occurred on October 30, has already informed the management team of the leak and they are currently working towards a disclosure process.
- Check out our list of the best identity theft protection out there
- We've built a list of the best password managers available
- Here's our list of the best email services on the market
BigBasket's response
The Bengaluru-based BigBasket said, in a statement, that the privacy and confidentiality of customers was a priority and it does not store any financial data including credit card numbers. The company said that it is confident that this financial data is secure.
"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” it added.
BigBasket said that it learnt a few days ago about a potential data breach. The company is evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. "We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” BigBasket said in the statement.
Cyble's previous work
Recently, Cyble had also brought to light the hacking at Paytm Mall, the e-commerce marketplace wing of Paytm. John Wick, the hacker group allegedly behind the breach, was also instrumental in hacking the Twitter account linked to Indian Prime Minister Narendra Modi's personal website and a mobile app.
Cyble has also exposed data breaches in companies like Truecaller, Dunzo, Unacademy, Naukri.com, Bharat Earth Movers Limited (BEML), LimeRoad and IndiaBulls.
Source: Cyble
- Best tech deals: Flipkart Big Diwali Sale
