BigBasket, one of the most popular online grocery delivery platform has suffered a massive Data Breach affecting over 2 crore (20 million+) users of the platforms as reported by cyber security firm Cyble over the weekend, revealing that the personal information of over 2 crore users was being sold on the dark web for about $40,000 (~Rs. 30 lakhs).
As per the official statement by BigBasket, the company states that it is aware of the report and is currently working to “evaluate the extent of the breach and authenticity of the claim.“
According to the report published by the cybersecurity firm it alleges that the database being sold on the dark web is said to be contained full names, email IDs, password hashes, pin, contact numbers, full addresses, date of birth, location, and IP addresses of the users.
However BigBasket says that the company does not store any financial data of the users including credit or debit card of the users.
Cyble reports that the data breach on the platform occurred around 14th October, which the cyber security firm detected on October 30th and independently verified it within a day before reporting it to BigBasket on November 1st.
“We have also lodged a complaint with the Cyber Crime Cell in Bangalore and intend to pursue this vigorously to bring the culprits to book.” BigBasket said in the official statement.
The timing of the data breach seems to be a big pain for the company as their has been reports of BigBasket selling its major stake to the Tata Group for about $1 billion. In the nationwide lockdown due to the COVID-19 Pandemic the company gained about 84% new users and a 50% jump in retention numbers as compared to the pre-COVID numbers.
It is expected that the company will make some announcements regarding the data breach of user data from its platform.