Big Basket faces major data breach as personal info of 2 cr users being sold

Bengaluru, November 08: In a massive potential data breach, data hackers targeted India's one of the largest Grocery e-commerce platform Big Basket and listed personal details of over two-crore BigBasket users for sale on the dark web for $40,000. The e-commerce grocery firm lodged a police complaint with Bengaluru Cyber Crime Cell.

 

 

"A few days ago, we learned about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," BigBasket said in a statement.

 

The incident came to light after the cyber intelligence firm Cyble reported saying, it noticed it in the course of their routine Dark web monitoring.

 

"In the course of our routine Dark web monitoring, the Research team at Cyble found the database of Big Basket for sale in a cyber-crime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data," Cyble said in a blog post. Cyble, in its blog post, said the breach happened on October 31 and informed BigBasket about the possible data breach on November 1.

 

The data which was stolen includes full names, email IDs, mobile numbers, date of birth, location among others. The stolen data is now being sold for $40,000 on the dark web. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data.

 

 

The Online grocery platform has, however, claimed that financial data like credit card numbers of its users is secure. "As the confidentiality of customers is a priority, we do not store their financial data, including credit card numbers, and are confident that it (data) is secure," the e-tailer added.

 

Moreover, BigBasket has a robust information security framework, and that it maintained only email ids, phone numbers, order details, and address, which could have been accessed. "The customer data we maintain are email IDs, phone numbers, order details, and addresses so there are details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information," the company said in a statement.

 

It should be noted that BigBasket is funded by the Chinese e-commerce giant Alibaba Group, the Mirae Asset-Naver Asia Growth Fund, and a British government-owned CDC group.

 

Earlier delivery startup Dunzo too was targeted in July 2020. According to the company, over 3.4 million users' personal data were exposed on the dark web