New Delhi: Bigbasket, which is a prominent grocery e-commerce platform, has suffered a potential data breach as details of around 2 crore users have been leaked. The information is shared by a cyber intelligence firm, Cyble. A police complaint has been filed in the Cyber Crime Cell in Bengaluru. It is verifying the claims made by cyber consultants. The breach occurred on October 30, 2020, and has already informed the management of Bigbasket about it, said Cyble.
The cyber intelligence firm said that a hacker has put data allegedly belonging to Bigbasket on sale for around Rs 30 lakh. The data put on sale includes names, email IDs, password hashes, addresses, date of birth, location, contact numbers, and IP addresses of login.
Bigbasket, however, uses a one-time password sent through SMS which keeps on changing every time a user logs in.
"In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cybercrime market, being sold for over USD 40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said in its blog.
Bigbasket said in a statement that they are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. "We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," the e-commerce company added in their statement.
They also said that the privacy and confidentiality of their customers is a priority, and it does not store any financial data.
"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," Bigbasket added.
An Indian company, Bigbasket is based in Bengaluru and is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.