Grocery e-commerce website Bigbasket has allegedly suffered a data breach, according to cyber intelligence firm Cyble, the details of over 20 million people available in the darkweb.
BigBasket was founded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the CDC group, it has over 18,000 products from over 1000 brands in its listing.
While the COVID-19 pandemic continues to spread worldwide, online shopping is becoming very important for users, and such kind of incidents is exposing millions of users to the risk of hack.
Online stores manage both personal and financial details of their customers to allow them to easily purchase the products and receive them at their home.
In routine Dark web monitoring activity, the Cyber research team spotted a threat actor offering the database of BigBasket for sale in a cyber-crime market. The archive is 15 GB in size and contains 20 million user records, it is being sold for over $40,000.
The database includes names, email IDs, password hashes (potentially hashed OTPs), contact numbers (mobile + phone), addresses, date of birth, location, and IP addresses of login among many others.
Cyble notifies the company’s management team of the leak and they are currently working towards a disclosure process.
Below the timeline of the alleged data breach:
The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is investigating the alleged incident.
“Cyble is disclosing the alleged data leak in the interest of the population impacted.” concludes Cyble.
People who want to check if their information has been exposed in this data breach and other incidents can register on Cyble’s data breach monitoring and notification platform, AmiBreached.com.
(SecurityAffairs – hacking, BigBasket)