Go Ad-Free
    My Alerts
    Moneycontrol
    Moneycontrol PRO
    HomeNewsBusinessBigBasket faces data breach, details of over 2 crore users put on sale on dark web

    BigBasket faces data breach, details of over 2 crore users put on sale on dark web

    BigBasket filed a police complaint a day after cyber intelligence firm Cyble claimed that a hacker has put data allegedly belonging to the company on sale for around Rs 30 lakh

    Moneycontrol News
    November 09, 2020 / 08:47 IST

    BigBasket has filed a police complaint with the Bengaluru Cyber Crime Cell to verify claims of a potential data breach affecting 2 crore users made by cyber intelligence firm Cyble.

    Cyble has claimed that a hacker has put data allegedly belonging to BigBasket on sale for around Rs 30 lakh on dark web.

    "In the course of our routine dark web monitoring, the research team at Cyble found the database of BigBasket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said in its blog.

    Tata Group eyes minority stake in BigBasket: Reports.

    Cyble added that the data put on sale include names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.

    Related stories

    While Cyble has mentioned "passwords", the company uses a one-time password sent through SMS which keeps on changing with every login.

    Stating the privacy and confidentiality of customers is priority, BigBasket said it does not store any financial data including credit card numbers etc and is confident that this financial data is secure.

    "A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," it said in a statement.

    The cyber intelligence firm had claimed that the breach occurred on October 30, 2020, and it has already informed the management of BigBasket about it.

    The Bengaluru-based grocery e-commerce platform BigBasket is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.

    (With inputs from agencies)

    Moneycontrol News
    first published: Nov 8, 2020 06:52 pm

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347