Highlights:
- Data of more than 2 crore users affected in a data breach of online grocery store BigBasket
- The data is on sale on the Dark Web
- Sensitive data including full names, email IDs, password hashes, contact numbers, addresses were leaked
- A hacker has put the price tag of Rs 30 lakh on the BigBasket user data
A massive data breach was reported as allegedly the online grocery store BigBasket has allegedly leaked sensitive data of more than 2 crore users on the Dark Web. As per the cyber intelligence company Cyble, the online grocery firm leaked sensitive data of its users which include information like full names, email IDs, password hashes, contact numbers, addresses, and more on the dark web.
Also Read: 20 Interesting Coolest Websites In The World
Adding to the misery of the online grocery firm, a hacker is selling the data on the Dark Web for around Rs 30 lakh.
In a blog post, Cyble said, “In the course of our routine Dark web monitoring, the Research team at Cyble found the database of Big Basket for sale in a cyber-crime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data.”
It added, “More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others,”.
The cyber intelligence firm revealed that the names and the addresses of the users were exposed on the Dark Web but the company claims that the financial data of the users was safe.
User, for online shopping, have to share the debit or credit card details with the e-commerce platform and the site also saves the details to make it easier for its users to place orders in the future.
BigBasket has filed a complaint at the cyber cell in Bengaluru.
Also Read: 15 Offline Racing Games For Android
In a statement, the online grocery firm said, “A few days ago, we learned about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” as it commented on the breach.
The statement from BigBasket further added, “The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,”.
Cyble shared the exact timeline of the data breach in its blog and said that the breach was initially reported on the 31st of October and the 1st of November.
Cyble even informed BigBasket about the possible breach.
