#MassiveBreach: Data of two crore BigBasket users put on sale
Online grocery store BigBasket filed a police complaint in Bengaluru, after learning that data of two crore of its customer could have been compromised. As per Cyble, a United States-based cybersecurity intelligence firm, a hacker put crucial data on sale on the dark web for approximately Rs. 30 lakh. The company is learned to be judging the extent of the breach. Here's more.
Database of BigBasket put for sale: Cyble
The firm claimed that it learned of the breach while it was monitoring the dark web. "Cyble found the database of BigBasket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble added.
The incident happened on October 30
The firm revealed that the enormous leaked data consists of full names of users as well as their contact numbers, complete addresses, and birth dates. The IP addresses of login and password hashes have also been potentially compromised. The breach happened on October 30, and BigBasket was informed about it on November 1. Thereafter, the online portal contacted the cybercrime cell in Bengaluru.
BigBasket is "evaluating the authenticity of claim"
In a statement, BigBasket admitted it was aware of the potential data breach. "[We] are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it," the company said. It also assured it only possesses email IDs, phone numbers, order details, and addresses of customers to provide a seamless experience.
The company mentioned about its strong information security framework
"We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," the company said in the statement.
Dr. Reddy's, Unacademy have also been attacked similarly
Just last month, Hyderabad-based pharmaceuticals company Dr. Reddy's Laboratories shut its worldwide plants after hackers attacked its servers. In May 2020, Unacademy's data was compromised with information of about two crore of its users being available for sale. Reportedly, the average cost of a data breach in India is nearly Rs. 14 crore, and approximately 83 days are taken to contain the attack.