E-grocery BigBasket admits to customer data 'breach'


Bengaluru, Nov 9 (IANS): Leading online food and grocery store BigBasket on Sunday admitted to a potential breach of its customer data and that it was assessing the extent.

"We have lodged a complaint with the Bengaluru Cyber Crime Cell and intend to pursue it to bring the culprits to book," said the city-based company in a statement to IANS.

The Cyber Cell, however, did not confirm receiving the complaint.

The 9-year-old etailer is funded by the Chinese e-commerce giant Alibaba Group, the Mirae Asset-Naver Asia Growth Fund, and the British government-owned CDC group.

"As the confidentiality of customers is a priority, we do not store their financial data, including credit card numbers and are confident that it (data) is secure," the firm said.

Claiming that it has a robust information security framework, the company said it maintained only email ids, phone numbers, order details and addresses, which could have been accessed.

US-based third-party cyber intelligence firm Cyble claimed in its official blog on Saturday that though the alleged breach occurred on October 14, it detected it on October 30, validated it on October 31 and informed BigBasket on November 1.

BigBasket provides services in 25 cities and towns across the country, offering to deliver 18,000 products from 1,000 brands through the year.

"Online shopping for food and groceries dramatically shot up since April due to the Covid-induced lockdown, restrictions like social distancing and the pandemic scare," said Cyble in the blog.

"In the course of our dark web monitoring, our research team found the database of Big Basket for sale in a cyber-crime market at $40,000," it said.

The user database is estimated to be about 20 million, with names, email ids, password hashes, pin, contact numbers, addresses, date of birth, location and IP addresses of login.

  

Top Stories


Leave a Comment

Title: E-grocery BigBasket admits to customer data 'breach'



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.