Bigbasket faces potential data breach; details of 2 crore users likely to have been leaked, put for sale on dark web

Cyber intelligence firm Cyble said it found the database of Big Basket being sold for over US $40,000, with a details like names, email IDs, password hashes, contact numbers

Press Trust of India November 09, 2020 09:53:04 IST
Bigbasket faces potential data breach; details of 2 crore users likely to have been leaked, put for sale on dark web

New Delhi: Grocery e-commerce platform Bigbasket has faced a potential data breach which could have leaked details of its around 2 crore users, according to cyber intelligence firm Cyble.

The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.

Cyble said that a hacker has put data allegedly belonging to Bigbasket on sale for around Rs 30 lakh.

"In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over US $40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said in its blog.

It added the data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.

While Cyble has mentioned "passwords", the company uses a one-time password sent through SMS which keeps on changing every time a user logs in.

"A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," Bigbasket said in a statement.

The company said that the privacy and confidentiality of customers is priority and it does not store any financial data including credit card numbers, etc and is confident that this financial data is secure.

"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," Bigbasket said.

The Bengaluru-based company is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.

Cyble claimed that the breach occurred on 30 October, 2020 and it has already informed the management of Bigbasket about it.

The cyber intelligence firm said on 31 October, Cyble validated the breach through "validation of the leaked data with BigBasket users/information", and on 1 November, "Cyble disclosed the breach to Bigbasket management".

Updated Date:

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.

also read

ISL 2020-21, Bengaluru FC preview: Carles Cuadrat looks to bounce back from disappointing season with rejuvenated squad
Sports

ISL 2020-21, Bengaluru FC preview: Carles Cuadrat looks to bounce back from disappointing season with rejuvenated squad

With the upcoming season of the Indian Super League just days away, we at Firstpost.com take a look at how Bengaluru FC stack up.

Ravi Belagere (1958-2020): Remembering a maverick whose journalism was both sensationalist and subversive
Lifestyle

Ravi Belagere (1958-2020): Remembering a maverick whose journalism was both sensationalist and subversive

Ravi Belagere was a gifted individual with an intrinsic understanding of journalistic methods but, rather than restrict himself to being a writer and intellectual in an ordinary world — which he might have been — he used his skills in a darker world, and found himself transformed.

ISL 2020-21: Spanish striker Igor Angulo's brace sees FC Goa fight back to secure draw against Bengaluru FC
Sports

ISL 2020-21: Spanish striker Igor Angulo's brace sees FC Goa fight back to secure draw against Bengaluru FC

Goa dominated possession early on, with Bengaluru happy to sit back and maintain their defensive shape. However, both teams failed to create clear-cut opportunities in the opening quarter.