BigBasket Data Leaked on Web, Claimed to Include Details of Over 20 Million Users

Big Basket is Supermarket Grocery Supplies PVT. LTD. It is an Indian online grocery delivery service. Has recently faced a data breach allegedly leaked on the dark web and comprises 20 million users’ data such as names, emails, phone numbers, and hashed passwords. Besides this, it also has their residence addresses and date of birth. 

Currently, the database is available for free access on the dark web, involves user passwords in an encrypted form, another hacker has claimed to have decrypted some of the other leaked passwords. 

The firm delivers grocery goods found in convenience stores, food supplies, home essentials, and more. It was founded by Sudhakar, Hari Menon,  Vipul Parekh, Abhinay Choudhari, and Ramesh in December 2011 and has its HQs in Bangalore, India.  

The alleged data has been out on the web by a hacker group infamously known as  ShinyHunters. 

https://twitter.com/UnderTheBreach/status/1386281705477189633

Meanwhile, Cybersecurity researcher Rajeshekahr Rajaharia told Gadgets 360 that the data breach is associated with the breach that the company itself confirmed in November 2020. 

On 26 April, at 6:56 PM, BigBasket has reported to the media to confirm that this is indeed the November leak and also stated that it has made changes to its systems and ways. And it switched to an OTP-based mechanism instead, as a security measure. 

The company added- “A few days ago, we learned about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it,” the company had said while confirming the data breach that was made public by cybersecurity intelligence firm Cybele.

And here’s the full statement by the Grocery hub BigBasket: 

This article / social media post refers to an alleged data breach in Nov-2020 and not something that has happened recently. We know it’s not recent because the article /social media post mentions the release of hashed passwords. We had eliminated all hashed passwords from our system and moved to a secure OTP-based authentication mechanism quite some time back. Also, our site does not collect or store any sensitive personal data of customers like credit card details. So customer data continues to be safe and no further action needs to be taken by customers. 

The company has seen tremendous growth, and in March 2019, it has raised $150 million in investment from Mirae, Alibaba Group, and CDC Group, and came at a  valuation of $1 Billion. Then, later in March 2020, they acquired a micro-delivery firm, DailyNinja. And latest earlier in 2021, the Tata Group acquired around 68% of its stakes for around 9,500 crores. But now it is stuck into nig data breach of 20 million users’ information floating over the dark web. 

Content Protection by DMCA.com

Discover more from GLOBAL BUSINESS LINE

Subscribe to get the latest posts sent to your email.

Discover more from Global Business Line

Subscribe now to keep reading and get access to the full archive.

Continue reading