The Bangalore-based company BigBasket suffers a data breach where the hackers allegedly put up user records for sale on the dark web.
The Bangalore-based company BigBasket suffers a data breach where the hackers allegedly put up user records for sale on the dark web.
BigBasket is India’s largest online food and grocery store funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.
“Recently BigBasket, India’s leading online food and grocery store, became victim to a data breach,” reported Cyble.
The Cybel Research team spotted a threat actor offering the database of BigBasket for sale in the cybercrime market during routine Dark web monitoring. The archive consists of 20 million user records of 15 GB size and is being sold for around Rs 30 lakh.
The database consists of names, email IDs, password hashes (potentially hashed OTPs), contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others. While Cyble has mentioned "passwords", the company uses a one-time password sent through SMS which keeps on changing every time a user logs in.
Cyble notified the company's management team of the leak that occurred on October 14, 2020, and they are currently working towards a disclosure process.
“Cyble is disclosing the alleged data leak in the interest of the population impacted,” concludes Cyble.
The company reported that privacy and confidentiality of customers is its priority, and it does not store any financial data including credit card numbers etc. The company is confident that the financial data is secure.
The company has filed a police complaint with Cyber Crime Cell in Bengaluru and is investigating the alleged incident.
People who want to check out if their information has been exposed in this data breach and other incidents can register on Cyble’s data breach monitoring and notification platform, AmiBreached.com.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?