Fri. Mar 29th, 2024
BigBasketBigBasket

20 million user data of online grocery store BigBasket up for sale in the Dark web after potential data breach

A new report of cyber attack emerges and this time the target has been the Indian online grocery store BigBasket. According to the report, the company has faced a potential data breach which led to the sale of data of an estimated 20 million of BigBasket’s customers upon the Dark web for sale. The data breach incident was reported by US-based cybersecurity intelligence firm Cyble.

Cyble Blogspot has informed that the data up for sale in the dark web contains valuable pieces of information such as full names, email IDs, password hashes (potentially hashed OTPs), PIN, contact numbers, addresses, dates of birth, location, and IP addresses of login. The data as per the report is being sold for $ 40,000.

The Bangalore-based online grocery firm, BigBasket has already filed a complaint to the city’s cybercrime cell. The company is now evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts.

The company in a statement said, “The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure.”

The company statement also added, “only customer data we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information.”

The breach, according to Cyble Blogspot had occurred on October 14th. However, BigBasket management was informed about the breach on the 1st of November.

As we move further into the internet age, these cyberattacks become more frequent. Last month pharmaceutical company Dr. Reddy’s had to close off its operations around the globe as news of cyberattacks on its servers emerged. Earlier in May, Facebook backed the online education platform Unacademy also had been the target of a cyber attack with the data of over 20 million of the platform’s users leaked and put on sale on the dark web.

An IBM survey concludes that the average cost of a data breach in India is estimated to be 14 crores in 2020. This is an increase of 9.4 percent from last year. The average time to contain a data breach increased from 77 to 83 days a year. The report also said that the main causes of a data breach are malicious attacks, system glitches, and human error in the country.

Ankit Chaudhari, chief executive officer, and founder, Aiisma said to news agency Business Standard, “Instead of treating it as a commodity that needs to be hidden behind large security measures, the industry and regulatory bodies need to move towards treating data as a tradeable asset and data economy infrastructure wherein consumers will be more comfortable and slightly richer and data pirates have less of an incentive to breach and sell it.”

Aiisma is an Indian born data market place.

He also added, “Or else security will keep becoming expensive and hackers sophisticated, a scenario in which neither consumer nor company wins.”

 

 

By Swastik Bhattacharjee

A student from Kolkata. Currently content creator at The Indian Wire.