SUMMARY
Cyber intelligence company Cyble said it found conversations between cybercriminals and ShinyHunters on November 10
On November 8, BigBasket had filed a police complaint over the hacking incident that affected over 2 Cr users
Cyble claimed that the breach occurred on October 30, 2020 and it informed Bigbasket about the suspected threats in this regard
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Cyber intelligence firm Cyble, which had publicly notified a cyber attack on grocery delivery platform Bigbasket, has now revealed that hacking group “Shinyhunters” is supposedly behind the data breach. Data related to over 2 Cr users was compromised in the attack on Bigbasket.
The company revealed that a conversation between another cybercriminal and ‘Shinyhunters’ has surfaced on RaidForums on November 10. Shinyhunters is a group notorious for being active on dark web hacking marketplaces, and the group is selling a database containing a combined total of 73.2 Mn user records across 11 different companies. The group is said to be operational since 2015 under a variety of aliases such as Shiny Hunters, Gnostic Players.
On November 8, BigBasket had filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.
Cyble said that a hacker has put data allegedly belonging to BigBasket on sale for around INR 30 lakh. The company claimed that the breach occurred on October 30, 2020 and it has already informed the management of Bigbasket about it.
“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” BigBasket had said in a statement.
The company added that does not store any financial data including credit card numbers on its servers and is confident that all financial data related to users is secure. “The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” Bigbasket had said at the time.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.