BigBasket, one of India’s largest online food and grocery stores, has reportedly faced a data breach following which the details of over two crore users has been put on sale on the dark web.
“We have lodged a complaint with the Bengaluru Cyber Crime Cell and intend to pursue it to bring the culprits to book,” the Bengaluru-based company told IANS.
“As confidentiality of customers is priority, we do not store their financial data, including credit card numbers and are confident that it (data) is secure,” the e-tailer added.
BigBasket stated that it has a robust information security framework and that it maintained only email ids, phone numbers, order details and address, which could have been accessed.
A US-based third-party cyber intelligence firm Cyble also claimed it detected the alleged breach on October 30. Cyble then validated it on October 31 and informed BigBasket on November 1.
“Online shopping for food and groceries dramatically shot up since April due to the COVID-induced lockdown, restrictions like social distancing and the pandemic scare. In the course of our dark web monitoring, our research team found the database of Big Basket is for sale in a cyber-crime market at $40,000,” said Cyble.
According to Cyble, the data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.
This is to be noted that the BigBasket is funded by the Chinese e-commerce giant Alibaba Group, the Mirae Asset-Naver Asia Growth Fund, and a British government-owned CDC group.
BigBasket has more than 18,000 products and over a 1000 brands in its catalogue that delivers right to the doorstep in cities like Bangalore, Hyderabad, Mumbai, Pune, Chennai, Delhi, Noida, Mysore, Coimbatore amongst others.