One of the country’s most recognized e-commerce and grocery delivery platforms, Bigbasket, has reportedly been hit by a cyberattack leading to potential data breach of up to 2 crore users. The revelation was made by cyber-intelligence company Cyble which added that the hacker put Bigbasket’s user data on sale in dark web pages for around Rs 30 lakh ($40,000).
“In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over USD 40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is about 15 GB, containing close to 20 million user data,” the cyber-intelligence firm said in its blog.
The firm added that the data put on sale includes, email IDs, names, password hashes, contact numbers, addresses, date of birth, location, and IP addresses of login among others, leading to a series of headaches for the e-commerce retailer.
Read - Maharashtra Cyber Police Arrests Paytm Employee For Online Fraud
Cyble mentioned that the hack occurred on October 30, 2020, while the company reportedly informed Bigbasket on November 1.
Bigbasket acknowledged the matter in a brief statement - “A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.”
Also read - Thane Permits Shops To Remain Operational Till 9:30 PM
Bigbasket added that the safety and security of its customers remains a priority and that it doesn’t store confidential information such as credit card numbers, adding that the financial information of its customers is safe.
It’s also worth noting that Bigbasket uses a one-time password or OTP via SMS to authenticate user log-in, thus mitigating the risk of such data hacks.
“The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” Bigbasket added.
Read - Four Held For Cheating Vile Parle Resident For Crores In An Insurance Fraud
Share
Tweet
