A US-based cybersecurity firm, Cyble has said that the online grocery major BigBasket has become the latest victim of the cyber attack as over 20 million users’ data have been leaked in a potential data breach.
The cyber risk intelligence platform, its research team has found the database of BigBasket for sale in a cybercrime market during their routine dark web monitoring. The hacker has put data on sale for over $40,000, said Cyble on its blog.
The report claimed that the size of the SQL file is 15 gigabyte which contains close to 20 million user data including their full names, email ids, password hashes, pin, contact numbers, full addresses, date of birth, location and IP addresses among others.
Digital payment
While the alleged breach occurred on October 14, 2020, it was detected and validated on October 30. Cyble also said that it had disclosed the breach to Bengaluru-based company’s management on November 1 before making it public on November 7.
The latest development has come at a time when online grocery shopping and digital payments have gained momentum. Due to the fear of the spread of viruses, people are preferring online payments which require their personal details, such as credit or debit card details for easy transactions.
BigBasket spokesperson said the company also lodged a complaint with the Cyber Crime Cell in Bangalore and intend to pursue this vigorously to bring the culprits to book.
Information management
“The privacy and confidentiality of our customers is our priority and we do not store any financial data including credit card numbers etc., and are confident that this financial data is secure. The only customer data that we maintain are email ids, phone numbers, order details, and addresses so these are the details that could potentially have been accessed,” said the spokesperson.
BigBasket official also said the company has a robust information security framework that employs best-in-class resources and technologies to manage its information. “We will continue to proactively engage with best-in-class information security experts to strengthen this further,” said the official.