BigBasket Faces Data Breach: Details Of 2 Cr Users Put On Dark Web

BigBasket Faces Data Breach: Details Of 2 Cr Users Put On Dark Web

SUMMARY

The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts

Cyble said that a hacker has put data allegedly belonging to BigBasket on sale for around INR 30 lakh

Cyble says data put on sale includes names, email IDs, password hashes, contact numbers, addresses, date of birth, location, and IP addresses of login

Grocery delivery platform BigBasket has faced a potential data breach that could have leaked details of its around 2 crore users, according to cyber intelligence firm Cyble.

The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.

Cyble said that a hacker has put data allegedly belonging to BigBasket on sale for around INR 30 lakh.

“In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member.’ The size of the SQL file is about 15 GB, containing close to 20 million user data,” Cyble said in its blog.

It added the data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.

While Cyble has mentioned “passwords”, the company uses a one-time password sent through SMS which keeps on changing every time a user logs in.

“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” BigBasket said in a statement.

The company said that the privacy and confidentiality of customers is a priority and it does not store any financial data including credit card numbers etc and is confident that this financial data is secure.

“The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” BigBasket said.

leak

The Bengaluru-based company is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.

Cyble claimed that the breach occurred on October 30, 2020 and it has already informed the management of Bigbasket about it.

The cyber intelligence firm said on October 31, Cyble validated the breach through “validation of the leaked data with BigBasket users/information,” and on November 1, “Cyble disclosed the breach to BigBasket management.”  

Big Breaches Called Out By Cyble

On 30 August, Cyble said Paytm Mall was hacked by a cybercrime group under the alias ‘John Wick’, which led the hacker to get unrestricted access to the entire database of the company.

According to Cyble, ‘John Wick’ had broken into multiple Indian companies and collected ransom from various Indian organisations including OTT platform Zee5, fintech startups, Stashfin, Sumo Payroll, Stashfin, i2ifunding, through other aliases such as ‘South Korea’ and ‘HCKINDIA’.

‘John Wick’ had also allegedly hacked the Twitter account of Narendra Modi’s personal website, last week, and through a tweet, clarified that it had not hacked ‘Paytm Mall’.

Earlier, Cyble has highlighted data breaches of companies like Truecaller, Dunzo, Unacademy, Naukri.com, Bharat Earth Movers Limited (BEML), LimeRoad and IndiaBulls.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

BigBasket Faces Data Breach: Details Of 2 Cr Users Put On Dark Web-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

BigBasket Faces Data Breach: Details Of 2 Cr Users Put On Dark Web-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

BigBasket Faces Data Breach: Details Of 2 Cr Users Put On Dark Web-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

BigBasket Faces Data Breach: Details Of 2 Cr Users Put On Dark Web-Inc42 Media
BigBasket Faces Data Breach: Details Of 2 Cr Users Put On Dark Web-Inc42 Media
You’re in Good company