Online Grocer and e-commerce platform, BigBasket caught in the traps of a hacker and potentially leaked details for about 2 crore users. This information was shared by the Cyber Intelligence Company, Cyble.
Cyble has alleged that the hacker has auctioned BigBasket’s potential user data of about 2 crore users on the dark web for an approximate value of Rs. 30 Lakh. The online grocer has filed a complaint in this regard with the Cyber Crime Cell in Bengaluru. The details of the hacking and potential data breach are being verified by the company and Cyber experts.
The cyber intelligence firm, Cyble posted on their blog saying that as a part of their regular monitoring of dark web activities, they found a database of users which allegedly belonged to the online grocer. The hacker had auctioned the details on the cyber-crime market for USD 40, 000. The SQL file was approximately 15GB in size and contained user data of about 20-22 million BigBasket users. ‘member_member’ was the table name of the database portion they had put out for sale.
Furthermore, Cyble confirms that the data they found on the database file included personal information of users such as names, e-mail IDs, contact numbers, password hashes, location, date of birth, addresses, IP addresses from where the users accessed BigBasket etc. There were many other details on the files that could have put BigBasket into serious trouble.
Point to be noted, password hashes that have been mentioned by Cyble amongst the data that was leaked could be of no exact use to the hacker because BigBasket uses One-Time Password through SMS whenever a user logins, so it keeps changing frequently and this information could be of no use to the hacker or anyone who bought the alleged database for USD 40,000.
When asked about the potential data breach, BigBasket said in a statement that the company is still evaluating the extent of this breach and authenticity of the report claimed by Cyble, cybersecurity experts are doing their job in finding the culprit and putting him down to the books of law and methods of containing the leaked information. Furthermore, the complaint has been filed in the Cyber Crime Cell in Bengaluru.
In addition to this, BigBasket assures its customers that their financial information is safe as the company does not store any credit card details or any financial details of users. The company is quite confident that this data is secure and the customer’s privacy and confidentiality is a priority for BigBasket.
Cyble witnessed this potential breach of user information on October 30, 2020, and informed the BigBasket management team about the same, validation of the breach was confirmed the next day.