Bigbasket Data Breach; Around 20 Million Users Data Affected

• Online grocery shopping platform Bigbasket has faced a data breach that has affected around 20 million user's data.
• Earlier in October 2020, Safety Detectives reported Edtech startup Edureka faced a data breach that affected 2 million user's data.

Bangalore-based online grocery shopping platform Bigbasket has faced a potential data breach which could have leaked details of its 20 million users, said US-based cybersecurity firm Cyble Inc.

The security firm Cyble claims that the hacker has put the user's data on sale on the dark web for over Rs 30 lakh (or about $40,000).

The company has filed a police complaint in this regard with a cybercrime cell in Bengaluru and is in the process of verifying the claims made by Cyble security experts.

Further, the firm claimed that data put on sale includes user names, email IDs, password hashes, phone numbers, addresses, date of birth, location, and IP addresses, among many others.

In response to the claims made by security firm Cyble, Bigbasket said, The privacy and confidentiality of the user's data is our topmost priority, and it does not store any financial data such as credit-debit card numbers, etc. Therefore, We are confident that this financial data is secure.

"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," Bigbasket said.

Also Read: Fintech Startup GalaxyCard Raises Seed Funding From Samyakth Capital And Others

"In the course of our routine dark web monitoring, the research team at Cyble found the database of BigBasket for sale in a cybercrime market, being sold for over USD 40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said in its blog.

Further, The cyber intelligence firm said, Cyble validated the breach through "validation of the leaked data with BigBasket users/information", and on November 1, "Cyble disclosed the breach to BigBasket management".

According to the reports, Cyble first claimed the Bigbasket data breach on October 31, 2020.

Earlier in October this year, Edureka faced a data breach that affected around 2 million user's data.

UPDATE: Bigbasket has acknowledged that the data of 20 million users' was breached, and the company has filed a police complaint against the hackers. The company has also assured that the users' financial data is secured.

the story was first reported by PTI

Follow IndianStartupNews on Facebook, Instagram, Twitter for the latest updates from the startup ecosystem.