Hackers Steal 2 Crore Big Basket Users' Data, Put It On Dark Web For Rs 30 Lakh
This discovery was made by cybersecurity firm Cyble. It has revealed that all kinds of confidential user data is up for sale by the hacker on the dark web for Rs 30 lakhs.
An Indian online grocery store has become the newest victim of a massive cyber attack. Big Basket has been hit by a major data breach that has caused the data of over 2 crores of its users to be readily available on the dark web.
This discovery was made by cybersecurity firm Cyble. It has revealed that all kinds of confidential user data is up for sale by the hacker on the dark web for Rs 30 lakhs.
Cyble said in a blog post, ¡°In the course of our routine Dark web monitoring, the Research team at Cyble found the database of Big Basket for sale in a cybercrime market, being sold for over $40,000. The leak contains a database portion; with the table name ¡®member_member¡¯. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others.¡±
Personal data leaked
According to Cyble, the data consists of the names and addresses of people. Big Basket has however revealed that payment information (like saved credit and debit cards) of all its users still remains safe and away from the hands of the hackers.
Big Basket has said in a statement, ¡°A few days ago, we learned about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.¡±
The statement further added, "The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further.¡±