Bengaluru-based e-commerce grocery store, Big Basket admits of a potential data breach that might have happened recently. The attackers may have access to the personal information for up to 2 crore Big Basket users. The data breach was first brought into light by the US-based cybersecurity firm Cyble. Cyble said the breach happened on the 14th of October, they found out about it on the 30th of October & Big Basket was informed of the same by the 1st of November.
Big Basket has lodged a complaint regarding the breach at Bengaluru’s Cyber Cell & hopes to find the culprits soon. The company is currently evaluating the complete extent & damage caused by the breach. They are also looking into the authenticity of the claims being made. The company has affirmed that their best cybersecurity experts are on the job & they are doing their best to find a way to immediately contain the breach.
No Financial data leaked in the breach!
The data leaked in the mentioned potential data breach belonged to 2 crore people. This data might contain their personal information including email IDs, order details, addresses, date of birth, locations, phone numbers, login IP addresses & password hashes. They might also have the data regarding OTPs required for signing in to the account. This is the information that Big Basket saves from their users.
Companies often save financial data of their customers for an easier transaction. This includes credit card/ debit card details, online wallets information and more. Big Basket has confirmed that keeping in mind user privacy, they do not save any financial information from their customers.
This means that the financial information of the users is safe. The company has said that they have employed the best security professionals & have a robust security framework in place to protect & manage users’ data.
Stolen data being sold for $40,000
Cyble mentioned in their blog how they came across the details of this potential data breach. While doing routine monitoring of the dark web, they saw the Big Basket database being sold on the dark web for more than $40,000.
It was an SQL file of approximately 15 GB containing data of nearly 2 crore users. It is a portion of the database with a table named ‘member_member’. Cyble, while confirming that the financial data of the people are safe, also mentioned the names & addresses of the people whose data was stolen. And this data was being sold on the dark web by the hackers.
This incident has once again made people question the safety of their data on the internet. E-commerce stores like Big Basket have made shopping easier for all of us, especially during this pandemic. But the increasing rate of cybercrimes has also made us realize that the internet can be a scary place.
Big Basket has promised to look into the matter & seek immediate solutions. Thus, only time will tell how the company deals with the crisis. We will also see what steps they take in order to prevent such an incident from happening again.