scorecardresearch
Friday, Oct 07, 2022
Premium

Explained: How big is the Bigbasket data breach?

In a statement, BigBasket said it was evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and was finding “immediate ways to contain it”.

Cyble has claimed that personal information of as many as 20 million users such as full names, email IDs, password hashes, etc

India’s top online grocer BigBasket has suffered a potential data breach resulting in personal information of over 20 million customers being allegedly sold on the dark web. This incident follows a series of data breaches that have impacted Indian companies.

When did the Bigbasket breach happen?

According to cybersecurity firm Cyble, which first made the details of the potential breach public, the alleged breach occurred on October 14. The firm said that it first detected the breach on October 30 and after validating the breach, it disclosed the breach to the Bigbasket management on November 1. The cybersecurity firm made the details of the breach public on November 7.

What BigBasket information has been leaked?

Cyble has claimed that personal information of as many as 20 million users such as full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile and phone), full addresses, date of birth, location, and IP addresses of where users have logged in from have been put up for sale on the dark web for $40,000.

How to know if your data has been leaked on the dark web?

Subscriber Only Stories
‘If I did not explore art, my life would remain unfulfilled’: Lalu Prasad...Premium
On Budget review eve, macro worries are back amid global recession fearsPremium
Eye on China Party CongressPremium
We had to target 40 people a day: TN engineer who escaped Myanmar’s...Premium

Cyble has listed a portal http://www.amibreached.com, where users can check if their personal information has been leaked on to the dark web.  📣 Express Explained is now on Telegram

How has BigBasket responded?

In a statement, the Bengaluru-based firm said it was evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and was finding “immediate ways to contain it”. The company has also filed a complaint with the Cyber Crime Cell in Bengaluru. “The privacy and confidentiality of our customers is our priority and we do not store any financial data including credit card numbers etc., and are confident that this financial data is secure. The only customer data that we maintain are email ids, phone numbers, order details, and addresses so these are the details that could potentially have been accessed,” it said.

What have been the previous cases of data breaches in India?

Advertisement

If one only goes by the information released by Cyble, there have been six cases of cyber breaches in India in the last one month alone. These include incidents at snacks manufacturer Haldiram Snacks Pvt Ltd, Indian wedding planning website Wedmegood, Indian Prime Minister’s personal website narendramodi.in, online matrimonial service Bharat Matrimony and Indian Railways’ online ticketing portal IRCTC. In addition to this, late last month, pharmaceutical major Dr Reddy’s Laboratories witnessed a cyber attack. Cyble, had, in August also reported a data breach at e-commerce company Paytm Mall.

First published on: 09-11-2020 at 04:30:23 pm
Next Story

Explained: Should a misfiring Rohit Sharma open the innings for Mumbai Indians in the IPL final?

Latest Comment
Post Comment
Read Comments
Advertisement
Advertisement
Advertisement
Advertisement