[BreachExchange] Online Grocery Store BigBasket faces Data Breach of 2 Crore Users

Tue Nov 10 10:45:00 EST 2020

https://www.ehackingnews.com/2020/11/online-grocery-store-bigbasket-faces.html

E-Grocery platform BigBasket has been attacked by a breach of data
with a leak of almost 2 Crore user info, cyber intelligence firm Cyble
confirms.
The leading food store from Banglore admitted the data breach on Sunday.

US-based third-party cyber intelligence firm Cyble saw BigBasket's
data on sale for 40,000$ on the dark web during their routine petrols.
Cyble reported on their blog that the breach probably occurred on
October 14, they detected it on October 30, validated it on October
31, and informed the e-retailer on November 1.

 “In the course of our routine dark web monitoring, the research team
at Cyble found the database of Big Basket for sale in a cybercrime
market, being sold for over $40,000. The leak contains a database
portion; with the table name ‘member_member’ The size of the SQL file
is about 15 GB, containing close to 20 million user data,” Cyble
reported on their blog.

The company says they have lodged a report with the Cyber Cell and
reassured that the potential data that could be stolen can include
email IDs, phone numbers, order details, and addresses that they store
of their customers and that they are employing the best security to
snip the breach.

The company made the following statement on the matter:

“A few days ago, we learned about a potential data breach at Bigbasket
and are evaluating the extent of the breach and authenticity of the
claim in consultation with cybersecurity experts and finding immediate
ways to contain it. We have also complained with the Cyber Crime Cell
in Bengaluru and intend to pursue this vigorously to bring the
culprits to book.

“The only customer data that we maintain are email IDs, phone numbers,
order details, and addresses so these are the details that could
potentially have been accessed. We have a robust information security
framework that employs best-in-class resources and technologies to
manage our information. We will continue to proactively engage with
best-in-class information security experts to strengthen this
further,” Bigbasket said.

 India is soon becoming a sweet target for hackers and cyber frauds,
according to a report by global cybersecurity company Sophos, 82% of
Indian companies were attacked in the past 12 months and only 8% of
them were able to fend off the attack as compared to the global
average of 24%. The numbers stand witness that companies need to
upgrade their cybersecurity, in the long run, we need not focus on
fixing problems after the attack but to take preventive measures to
stop the attack from happening in the first place.