Big Basket hit by data breach; credentials of 2 crore consumers put up for sale on Dark Web

BigBasket hit by data breach; credentials of 2 crore consumers put up for sale on Dark Web

Online grocery platform BigBasket has faced a potential data breach as the information of over 20 million customers had been put up for sale on the dark web, according to cyber security intelligence firm Cyble.

According to Cyble blog post, the data has been put up for sale for Rs. 30 lakh, and includes credentials such as full names, email IDs, password hashes (potentially hashed OTPs), PIN, contact numbers, addresses, dates of birth, location, and IP addresses of login, among other bits of information.

BigBasket has lodged a complaint with the Bengaluru's Cybercrime Cell and is evaluating the extent of the breach and authenticity of the claim in consultation with cyber security experts.

According to the company, customer privacy and confidentiality is a priority and it does not store any financial data, including credit card numbers. The company added that it is confident that customers' financial data is secure.

"The only customer data we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information," it added.

According to the Cyble blog post, the alleged breach occurred on October 14 and the BigBasket management was informed about it on November 1.