A US-based cybersecurity firm said on Sunday that online grocery major BigBasket has become the latest victim of a cyber attack, with the data of over 20 million users leaked in a potential data breach.
According to Cyble, a cyber risk intelligence platform, its research team found the BigBasket database for sale in a cybercrime market during routine dark web monitoring. The hacker has put the data on sale for over $40,000, Cyble said on its blog.
The report claimed that the SQL file is 15 gigabytes in size and contains data on close to 20 million users, including their full names, email ids, password hashes, pin, contact numbers, full addresses, date of birth, location and IP addresses, among others.
While the alleged breach occurred on October 14, 2020, it was detected and validated on October 30. Cyble also said that it had disclosed the breach to the Bengaluru-based company’s management on November 1 before making it public on November 7.
The latest development comes at a time when online grocery shopping and digital payments have gained momentum. Due to the fear of the spread of viruses, people are preferring online payments, which require their personal details, such as credit or debit card details, for easy transactions.
“…We have also lodged a complaint with the Cyber Crime Cell in Bangalore and intend to pursue this vigorously to bring the culprits to book. The privacy and confidentiality of our customers is our priority and we do not store any financial data including credit card numbers etc., and are confident that this financial data is secure. The only customer data that we maintain are email ids, phone numbers, order details, and addresses so these are the details that could potentially have been accessed,” a BigBasket spokesperson said to Entrackr in an email statement.
"We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," the spokesperson added.
Of late, data and security breaches have been occurring frequently across the Indian startup ecosystem. In August this year, the Paytm group suffered a ‘massive data breach’ after Paytm Mall was hacked and a ransom demanded. Paytm, however, had denied any such breach at that time.
Earlier this year, edtech startup Unacademy’s database also suffered a breach, with the contacts of 22 million users being put up for sale on May 3 for $2000. Truecaller, Zomato, and Uber have also fallen prey to massive data breaches of their user accounts.