BigBasket, one of the leading online food and grocery stores has been a victim of a breach that has reportedly leaked the data of around 20 million users on the dark web. The data is being sold on the dark web for over $40,000 (Approx Rs 29,64,000).
The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.
The breach was identified by Cyble, a cyber-security firm on October 30th during its routine dark-web monitoring. The information was made available to the public on 7th of November.
“The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others”, the blog post by Cyble read.
Cyble claimed that it had already informed the BigBasket management on 1st November.
“A few days ago, we learnt about a potential data breach at bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” Bigbasket said in a statement.