Potential Data Breach: Details Of 2 Crore Bigbasket Users Put On Sale On Dark Web

New Delhi: Bigbasket is faced with a potential data breach which may have resulted in leaked details of around 2 crore of its users, according to cyber intelligence firm Cyble.

The Bengaluru-based company, which is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund and the UK government-owned CDC group, has filed a complaint with the cyber crime cell in Bengaluru, Hindustan Times has reported.

According to Cyble, data belonging to the grocery e-commerce platform has been put on sale for around Rs 30 lakh.

“In the course of our routine dark web monitoring, the research team at Cyble found the database of Bigbasket for sale in a cyber crime market, being sold for over USD 40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is about 15 GB, containing close to 20 million user data,” Cyble said in its blog.

The data includes names, email IDs, passwords, contact numbers, addresses, date of birth, location, and IP addresses of login, added Cyble.

“A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” Bigbasket said in a statement.

The company has informed that it does not store any financial data like credit card numbers.

“The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” Bigbasket said.