In a massive data breach, online grocery store BigBasket has allegedly leaked the data of 20 million users on the dark web. Read on to know more…
The online grocery platform BigBasket has become the latest target of cyberattack in India. According to US-based cybersecurity intelligence firm Cyble, BigBasket has faced a potential data breach with the information of over 20 million customers on the darkweb for sale.
According to the Cyble blogpost, the alleged breach occurred on October 14 and the BigBasket management was informed about it on November 1. While online commerce has made lives easier, this convenience could come at a cost, say experts.
Repercussions
The data, being sold for $40,000, includes the full names, email IDs, password hashes (potentially hashed OTPs), PIN, contact numbers, addresses, dates of birth, location, and IP addresses of login, among other bits of information, says a Cyble blogpost.
In a blog post, it said: “the Research team at Cyble found the database of Big Basket for sale in a cyber-crime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others.”
Damage Control
BigBasket has lodged a complaint with the city’s cybercrime cell and is evaluating the extent of the breach and authenticity of the claim in consultation with cyber security experts.
BigBasket stated that the privacy and confidentiality of customers was a priority and it does not store any financial data including credit card numbers. BigBasket added that it is confident that this financial data is secure. “The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,”
Conclusion
According to an IBM survey, the average cost of a data breach in India touched ~14 crore in 2020, an increase of 9.4 per cent from last year, as the average time to contain a data breach increased from 77 to 83 days a year. The top three root causes of data breach are malicious attacks, system glitches, and human error in the country, added the report.
Security experts said that while the opinion is uniform that data is a critical asset that can help sharpen business outreach and increase profits, it should be treated as a tradeable asset.