0$0.00

No products in the cart.

Bigbasket faces potential data breach; details of 2 crore users put on sale on dark web, Retail News, ET Retail


Bigbasket faces potential data breach; details of 2 crore users put on sale on dark webIndia’s leading online grocer BigBasket has allegedly suffered a massive data breach in which details of over 20 million users, including their names, email ids, addresses and phone numbers, might have been leaked on the dark web, according to a US-based cyber intelligence firm.

Cyble, which detected the breach on October 30, said it found the database of the Bengaluru-based company on the dark web during its routing monitoring, and found that it was being sold for over $40,000 (approx Rs 30 lakh). According to a blogpost, the cybersecurity firm said the alleged breach occurred on October 14.
“The leak contains a database portion… containing close to 20 million user data. More specifically, this includes full names, email IDs, password hashes, pin, contact numbers, full addresses, date of birth, location, and IP addresses of login among many others,” Cyble wrote in its blogpost dated November 7.

Cyble also said that the breach was verified by it and reported to the BigBasket management on November 1, giving the company a week’s time before disclosing the potential breach to the public, which is a standard industry practice followed by cyber security firms and ethical hackers.

BigBasket in a statement said that it is evaluating the extent of the breach and its authenticity and had also lodged a complaint with the Cyber Crime Cell in Bengaluru.

“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bangalore and intend to pursue this vigorously to bring the culprits to book,” BigBasket said in a statement.
The company said that it does not store any financial data, including credit card numbers, and that it was confident that such data is secure, adding that the only data of its customers that it stores is their email ids, phone numbers, order details, and addresses.

News of the breach comes at a time when BigBasket is in talks with the Tata Group to divest majority stake to the salt-to-software services conglomerate. ET had reported on October 28 that the Alibaba-backed company was looking to sell around 50% stake to Tata for $1 billion, giving its Chinese investor and a few other early investors an exit.

In August, Cyble had in a post alleged that the ecommerce platform of India’s leading digital payments firm Paytm had suffered a massive data breach. Paytm thereafter claimed that the report was false and sent a legal notice to the US-based cyber security firm and threatened to initiate defamation proceedings against it.





Source link

Coolwick.com