Online grocer BigBasket was reportedly attacked by hackers and personal details of as many as 2 crore were stolen. The e-commerce grocery firm lodged a police complaint with Bengaluru Cyber Crime Cell of the same and is currently verifying the incident first reported by cyber intelligence firm Cyble, said reports.
Cyble said the Bengaluru-based e-commerce company was the victim of a hacking attack. It also alleged that the hacker put the details of the company’s 2 crore shoppers for sale on the dark web for Rs 30 lakh.
A blog from Cyble said the breach occurred on October 14 and was validated by it on October 16. The company said it informed the BigBasket’s management on November 1.
The stolen data put up for sale on the dark web includes extremely personal information such as names, passwords, date of birth, location and IP addresses of as many as 20 million users, Cyble claimed.
“Database of Big Basket for sale in a cyber-crime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is ~ 15 GB, containing close to 20 Million user data. More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others,” it added.
China’s Alibaba is a major investor in BigBasket with almost a 28% stake. Sources say it wants to pare down its shareholding in BigBasket, India’s first unicorn from the e-grocery space.
Big Basket is present in Bangalore, Hyderabad, Mumbai, Pune, Chennai, Delhi, Noida, Mysore, Coimbatore, Vijayawada-Guntur, Kolkata, Ahmedabad-Gandhinagar, Lucknow-Kanpur, Gurgaon, Vadodara, Visakhapatnam, Surat, Nagpur, Patna, Indore, Chandigarh and Tricity city,