Two Crore BigBasket Users Face Potential Data Breach, Details For Sale On Dark Web

BigBasket, an Indian online grocery delivery platform, has faced a potential data breach, with details of over two crore users compromised, US-based cybersecurity intelligence firm Cyble Inc reported.

According to the firm, the hacker has allegedly put the data on sale on the dark web for ₹30 lakh. The leaked data includes names, e-mail IDs, passwords, pins, contact number, location, date of birth, IP addresses of login, among other details.

"In the course of our routine dark web monitoring, the research team at Cyble found the database of BigBasket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," the firm's report as quoted by Scroll.In.

The data breach reportedly occurred on October 30, and the cybersecurity firm informed BigBasket on November 1. The grocery e-commerce company has lodged a complaint with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.

The company, in its official statement, confirmed that the financial data of customers is secure and contains a robust security framework to manage the information. It is evaluating the extent of the breach and the authenticity of the claim, consulting the cybersecurity experts.

BigBasket is a Bengaluru-based company and is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group.

Also Read: Tripura Launches Eco-Friendly Bamboo 'Diyas' Ahead Of Diwali