Skip to main content

BigBasket Faces Potential Data Breach; Details Of 2 Crore Users Put On Sale On Dark Web


 

Grocery e-commerce platform Bigbasket has faced a potential data breach which could have leaked details of its around 2 crore users, according to cyber intelligence firm Cyble.


The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.


Cyble said that a hacker has put data allegedly belonging to Bigbasket on sale for around Rs 30 lakh.


"In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over $40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said in its blog.

It added the data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.

While Cyble has mentioned "passwords", the company uses a one-time password sent through SMS which keeps on changing every time a user logs in.

"A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," Bigbasket said in a statement.

The company said that the privacy and confidentiality of customers is priority and it does not store any financial data including credit card numbers etc and is confident that this financial data is secure.

"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," Bigbasket said.

The Bengaluru-based company is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.

Cyble claimed that the breach occurred on October 30, 2020 and it has already informed the management of Bigbasket about it.

The cyber intelligence firm said on October 31, Cyble validated the breach through "validation of the leaked data with BigBasket users/information", and on November 1, "Cyble disclosed the breach to Bigbasket management".

 

Sandip Ginodia , CEO

ALTIUS INVESTECH PVT LTD

We deal in over 60 unlisted companies with 15 years of experience 

For latest prices visit : www.abhisheksecurities.com/unlisted.htm / call : 09830271248 .

Email : ginodiasandip1@gmail.com

Comments

Popular posts from this blog

Reliance's JioMart is averaging half a million orders per day; WhatsApp driving growth

  JioMart , Reliance's online-to-offline commerce  platform that launched in May , has scaled up rapidly, riding on the pandemic-fuelled digital acceleration. The service, which went   live in 200 cities across India, is currently processing an average of  500,000 orders per day. " We can go even higher on peak days",  Jio Platforms CEO   Kiran Thomas  revealed at the Facebook for Fuel India 2020 event. He said, "JioMart is empowering millions of  kiranas  and small merchants through the simple and secure platform of WhatsApp, and linking them to Reliance Retail's pan-India supply chain. We expect to grow manifold in future, and are optimistic about enabling new cohorts of users and making it easier for them to shop for daily essentials."  "Customers are transacting seamlessly on JioMart and the  conversational nature of the service  enabled by WhatsApp has made people adapt to it intuitively," he added. Reliance also stated that it will continue t

Stock broker SMC Global files for IPO

F inancial services company SMC Global Securities has filed draft red herring prospectus with SEBI for public issue of 1,58,67,380 equity shares of face value of Rs 2 each. The issue comprises a fresh issue of 79,33,690 equity shares by the company and an offer for sale of 79,33,690 shares by Millennium India Acquisition Company Inc. As of September 30, 2012, "We service our broking clients through a network of 43 branches and 2,521 registered sub-brokers and authorized persons spread in more than 500 cities and towns. We have also established an office in Dubai for brokerage and trading activities in that region," the company said. SMC has reported a loss of Rs 0.42 crore and total revenues of Rs 292.24 crore in the year ended March 31, 2012. "The proceeds of the fresh issue shall be utilised for margin maintenance with stock exchanges; part repayment of term loan; investments into subsidiary, SMC Comtrade; and general corporate purposes," according to p

TCS merger with TCS e serve

The board of Tata Consultancy Services (TCS) in its meeting on 18 October 2012 has approved the composite scheme of arrangement between TCS, TCS e-Serve (e-Serve) and TCS e-Serve International (TEIL). The composite scheme of arrangement provides for merger of e-Serve into TCS and demerger of TEIL's special economic zone (SEZ) undertaking(s) to TCS. The appointed date proposed for this scheme is 01 April 2013. TCS holds 96.26% of the paid up equity share capital of e-Serve. TEIL is a wholly owned subsidiary of e-Serve. As per the terms of the scheme of arrangement, shareholders of e-Serve (other than TCS) will receive 13 equity shares of Re 1 each of TCS for every 4 equity shares of Rs 10 each of e-Serve held by them. The board has approved the scheme of merger of Computational Research Laboratories (CRL) and Retail FullServe (RFL) with TCS. The proposed appointed date for the merger of CRL is 01 October 2012 and for the merger of RFL is 01 April 2012. Computational Res