In the course of our routine dark web monitoring, the research team at Cyble found the database of BigBasket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said in its blog.
According to cyber intelligence firm Cyble, sensitive data of BigBasket users such as full names, email IDs, password hashes, contact numbers, addresses have been accessed by hackers and exposed on the dark web. Adding to the woes of BigBasket, a hacker has put the data on sale for around Rs 30 lakh.
The cyber intelligence firm had claimed that the breach occurred on October 30, 2020, and it has already informed the management of BigBasket about it. Cyble added that the data put on sale include names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.
Cyble has revealed that the names and addresses of people have been exposed on the dark web but the company has claimed that the financial data of the users are safe. For online shopping, you need to share the debit or credit card details with the e-commerce platform. The site also saves the details to make it easier for you to place future orders. BigBasket has also filed a complaint at the cyber cell in Bengaluru.
The company said the privacy and confidentiality of customers is a priority and it does not store any financial data, including credit card numbers, etc. and is confident that this financial data is secure.