Grocery app BigBasket has been reportedly hacked recently following which the personal data of over 2 crore users was sold for Rs 30 lakh.
Cyble, a firm which tracks data breaches, reported that its research team was able to find the database of Big Basket for sale on the dark web.
“The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others,” said the company.
BigBasket is said to have comprised sensitive data of over 40 million users, as per US-based cybersecurity intelligence firm Cyble. The company had informed BigBasket about the data breach a day after it was detected on November 1. Subsequently, BigBasket acknowledged the breach and filed a police complaint against the hackers.
It has, however, assured that the only data that could have been leaked were the phone numbers, addresses, and not credit or debit card details. “The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure,” the company said in a statement.
“The only customer data we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information,” it added.
The leaked data includes full names, password hashes (potentially hashed OTPs), pin, contact numbers (mobile and phone), full addresses, date of birth, location, and IP addresses of login, among other details, Cyble said.
BigBasket is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund and the UK government-owned CDC group.