Data of 2 crore Bigbasket users put on sale on dark web


PTI, Nov 8, 2020, 12:08 PM IST

Image Source: BigBasket

New Delhi: Grocery e-commerce platform Bigbasket has faced a potential data breach which could have leaked details of its around two crore users, according to cyber intelligence firm Cyble.

The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.

Cyble said that a hacker has put data allegedly belonging to Bigbasket on sale for around Rs 30 lakh.

“In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is about 15 GB, containing close to 20 million user data,” Cyble said in its blog.

It added the data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.

While Cyble has mentioned “passwords”, the company uses a one-time password sent through SMS which keeps on changing every time a user logs in.

“A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” Bigbasket said in a statement.

The company said that the privacy and confidentiality of customers is the priority and it does not store any financial data including credit card numbers etc and is confident that this financial data is secure.

“The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” Bigbasket said.

The Bengaluru-based company is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.

Cyble claimed that the breach occurred on October 30, 2020 and it has already informed the management of Bigbasket about it.

The cyber intelligence firm said on October 31, Cyble validated the breach through “validation of the leaked data with BigBasket users/information”, and on November 1, “Cyble disclosed the breach to Bigbasket management.”

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

Apologise for always insulting Ambedkar instead of doing drama: BJP to Cong on campaign against Shah

No question of forgiving BJP MLC Ravi at any cost for using derogatory word : Minister Laxmi Hebbalkar

Derogatory word against minister: AICC leader Surjewala calls for strict action against BJP MLC

Case registered against unknown persons who attempted to attack BJP MLC Ravi

Delhi polls: BJP issues ‘chargesheet’ against Kejriwal; vows to remove AAP from power

PVR INOX rejigs media biz, appoints Chief Sales Officer Shalu Sabharwal as head

Mastermind of kidnapping gang targeting celebrities arrested after encounter in UP’s Bijnor

Related Articles More

Epigamia founder Rohan Mirchandani dies of cardiac arrest at age 42

Lohia Auto launches EV brand ‘Youdha’, aims to sell 3 lakh vehicles by 2027

“FM ji FM ji, itna tax main kaise bharun”, asks investor Vijay Kedia in viral post

RBI: After another status quo year, all eyes on a growth-propping rate cut with new Guv at helm

Front-running case: Sebi bans 9 entities from market , impounds illegal gains of over Rs 21 crore

MUST WATCH

Tulunadu Daivaradane

Feeding Birds with Creative Paddy Art!

Areca Nut

HOTEL SRI DURGA BHAVANA

Harish Poonja


Latest Additions

Apologise for always insulting Ambedkar instead of doing drama: BJP to Cong on campaign against Shah

Farmer who threatened to commit suicide asked to cough up Rs 9.9 lakh by police for security arrangements

No question of forgiving BJP MLC Ravi at any cost for using derogatory word : Minister Laxmi Hebbalkar

Unnao rape survivor father’s death: Delhi HC extends Kuldeep Sengar’s interim bail till January 20

Police to train Delhi school teachers to deal with bomb threats

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.