In a massive data breach, BigBasket online grocery store allegedly leaked data from 2 crore users to the dark web. According to cyber intelligence firm Cyble, BigBasket leaked sensitive data such as full names, email IDs, password hashes, contact numbers, addresses and more on the dark web. Adding to BigBasket’s woes, a hacker put the data up for sale for around Rs 30 lakh.
“In the course of our routine monitoring on the dark web, Cyble’s research team found the Big Basket database for sale in a cybercrime marketplace, selling for over $ 40,000. The leak contains a portion of the database; with the table name “member_member”. The size of the SQL file is ~ 15GB, containing nearly 20 million user data. More specifically, this includes full names, email IDs, password hashes (OTP potentially hash), pins, contact numbers (mobile + phone), full addresses, date of birth, location and login IP addresses among many others ” Cyble said in the blog post.
Cyble revealed that people’s names and addresses were exposed on the dark web but the company said that users’ financial data is safe. For online shopping, you need to share your credit or debit card details with the e-commerce platform. The site it also saves details to make it easier to enter future orders. BigBasket also filed a complaint with the Bengaluru cyber cell.
Commenting on the data breach, BigBasket said: “A few days ago, we learned of a potential data breach at BigBasket and are evaluating the extent of the breach and the authenticity of the complaint in consultation with cybersecurity experts and finding immediate ways to contain it. We have also filed a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue with determination to get the guilty to book. “
“The only customer data we keep is email IDs, phone numbers, order details and addresses, so these are the details that could potentially have been accessed. We have a robust information security framework that employs the best of resources and technologies to manage our information. We will continue to proactively collaborate with the best information security experts to further strengthen this, “the further reads. Cyble shared the exact history of the data breach on her blog. The report says the breach was first detected on October 31 and November 1, Cyble notified BigBasket of the possible breach.
In a massive data breach, BigBasket online grocery store allegedly leaked data from 2 million users to the dark web.
- BigBasket would have leaked the data of 2 crore of users on the dark web.
- BigBasket leaked sensitive data such as full names, email ids, password hashes, contact numbers, addresses.
- Adding to BigBasket’s woes, a hacker put the data up for sale for around Rs 30 lakh.