Grocery e-commerce platform BigBasket has faced a cyber attack which could have potentially leaked details of around its 2 crore users, as reported by cyber intelligence firm Cyble. The company has filed a police complaint with the cyber cell unit in Bengaluru and is currently verifying claims made by cyber experts.
Cyble claimed that the breach occurred on October 30, 2020, and it has already informed the management of BigBasket about it. It has reported that a hacker had put a price of around 30 lakh rupees on data belonging to BigBasket. “In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over USD 40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is about 15 GB, containing close to 20 million user data,” Cyble said in its blog. It further disclosed the nature of data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.
“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” BigBasket said in a statement. The company has already assured the customers that they hold their privacy and confidentiality supreme and are confident that the financial data is completely secure as they do not store details associated with financial transactions like credit card details etc. “We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” BigBasket said.
The Bengaluru-based company is backed by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.