E-Grocery platform BigBasket has been attacked by a breach of data with a leak of almost 2 Crore user info, cyber intelligence firm Cyble confirms.
The leading food store from Banglore admitted the data breach on Sunday.
US-based third-party cyber intelligence firm Cyble saw BigBasket’s data on sale for 40,000$ on the dark web during their routine petrols. Cyble reported on their blog that the breach probably occurred on October 14, they detected it on October 30, validated it on October 31, and informed the e-retailer on November 1.
“In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’ The size of the SQL file is about 15 GB, containing close to 20 million user data,” Cyble reported on their blog.
The company says they have lodged a report with the Cyber Cell and reassured that the potential data that could be stolen can include email IDs, phone numbers, order details, and addresses that they store of their customers and that they are employing the best security to snip the breach.
The company made the following statement on the matter:
“A few days ago, we learned about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also complained with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.
“The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” Bigbasket said.
India is soon becoming a sweet target for hackers and cyber frauds, according to a report by global cybersecurity company Sophos, 82% of Indian companies were attacked in the past 12 months and only 8% of them were able to fend off the attack as compared to the global average of 24%. The numbers stand witness that companies need to upgrade their cybersecurity, in the long run, we need not focus on fixing problems after the attack but to take preventive measures to stop the attack from happening in the first place.