NEW DELHI – Grocery e-commerce platform Bigbasket It has faced a possible data breach that could have leaked details of its around 2 million users, according to cyber intelligence firm Cyble.
The company has filed a police report in this regard with Cyber Crime Cell in Bengaluru and is verifying the claims made by cyber experts.
Cyble said that a hacker has put up data allegedly belonging to Bigbasket for around 30 lakh rupees.
“In the course of our routine monitoring of the dark web, Cyble’s investigation team found Big Basket’s database for sale in a cybercrime marketplace, selling for more than $ 40,000. The leak contains a part of the database, with the table name ‘member_member’. The size of the SQL file is about 15 GB and contains about 20 million user data, “Cyble said on his blog.
It added that the data released includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and login IP addresses, among many others.
While Cyble has mentioned “passwords”, the company uses a one-time password sent via SMS that keeps changing every time a user logs in.
“A few days ago, we learned of a possible data breach at Bigbasket and we are assessing the extent of the breach and the authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also filed a complaint with Cyber Crime Cell in Bengaluru and we intend to vigorously pursue this to bring the culprits to the book, “Bigbasket said in a statement.
The company said that the privacy and confidentiality of customers is a priority and that it does not store any financial data, including credit card numbers, etc., and trusts that this financial data is safe.
“The only customer data we keep is email IDs, phone numbers, order details, and addresses, so these are the details that could have been accessed. We have a framework for robust information security that employs the best resources and technologies to manage our information. We will continue to proactively engage with the best information security experts to further strengthen this, “said Bigbasket.
The Bengaluru-based company is funded by the Alibaba Group, Mirae Asset-Naver Asia Growth Fund and the UK government-owned CDC group.
Cyble claimed that the infringement occurred on October 30, 2020 and has already informed Bigbasket’s management about it.
The cyber intelligence firm said on October 31, Cyble validated the gap through “validation of leaked data with BigBasket users / information,” and on November 1, “Cyble disclosed the gap to Bigbasket management.”
In video: Bigbasket data of more than 2 million users put up for sale on the dark web
.
