Grocery e-commerce platform Bigbasket has faced a potential data breach that could have leaked details of its around 2 crore users, according to cyber intelligence firm Cyble. The company has filed a police complaint with Cyber Crime Cell in Bengaluru and verifies claims made by cyber experts. Cyble said that a hacker had put data allegedly belonging to Bigbasket on sale for around Rs 30 lakh.

While Cyble has mentioned “passwords,” the company uses a one-time password sent through SMS, which keeps on changing every time a user logs in.

“In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cybercrime market, being sold for over USD 40,000. The leak contains a database portion, with the table name ”member_member”. The size of the SQL file is about 15 GB, containing close to 20 million user data,” Cyble said in its blog.

It added the data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login, among many others.

While Cyble has mentioned “passwords,” the company uses a one-time password sent through SMS, which keeps on changing every time a user logs in.

“A few days ago, we learned about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” Bigbasket said in a statement.

The company said that customers’ privacy and confidentiality are a priority. It does not store any financial data, including credit card numbers, etc., and is confident that this financial data is secure.

“The only customer data that we maintain are email IDs, phone numbers, order details, and addresses, so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” Bigbasket said.

The Bengaluru-based company is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.

Cyble claimed that the breach occurred on October 30, 2020, and it has already informed the management of Bigbasket about it.

The cyber intelligence firm said on October 31, Cyble validated the breach through “validation of the leaked data with BigBasket users/information.” On November 1, “Cyble disclosed the breach to BigBasket management.”

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Do NOT follow this link or you will be banned from the site!
error: Unauthorized Content Copy Is Not Allowed
Scroll to Top
%d bloggers like this: