Bigbasket Faces Data Leakage; Details Of 2 Crore Users Disclosed For Sale On Dark Web!
A Cyber intelligence firm Cyble claimed that a hacker has leaked data belonging to Bigbasket on sale for about Rs 30 lakh in a cyber crime market.
By Mridulata Sen
Recently Big basket's data leaked news hit the internet. It is reported that a Cyber intelligence firm Cyble claims that a hacker has leaked data belonging to Bigbasket on sale for about Rs 30 lakh in a cybercrime market.
However, the e-grocer stated that customer confidentiality is a priority and they do not store any financial data.
According to cyber intelligence firm Cyble, Bigbasket has faced a potential data breach that could have leaked details of around two crore users!
Now it has been reported that the company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and the same is being verified by them. The claims made by cyber experts will be checked and then further monitoring will be done.
"In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name 'member member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said.
To add to further clarity Big basket added that the data put on their system for sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others. While Cyble has mentioned "passwords", the company uses a one-time password sent through SMS which keeps on changing every time a user logs in. Then how can this be leaked they claimed?
"A few days ago, we learned about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," Bigbasket said in a statement.
The company mentioned that privacy and confidentiality are the main two things that they maintain. Their customer’s data is their priority and moreover, their system does not store any financial data, including credit card numbers, etc.
The following was claimed by Cyble on October 30, 2020, and it had already been informed to the Bigbasket management.
Let’s see what comes out after the issue is being tested. Till then stay tuned for further upcoming updates.