The company has faced a potential data breach with the information of over 20 million customers on the darkweb for sale, according to US-based cybersecurity intelligence firm Cyble.
The data, being sold for $40,000, includes the full names, email IDs, password hashes (potentially hashed OTPs), PIN, contact numbers, addresses, dates of birth, location, and IP addresses of login, among other bits of information, says a Cyble blogpost.
The Bengaluru-based start-up has lodged a complaint with the city’s cybercrime cell and is evaluating the extent of the breach and authenticity of the claim in consultation with cyber security experts.
“The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure,” said the Alibaba-backed company in a statement.
Cyble said that a hacker has put data allegedly belonging to Bigbasket on sale for around Rs 30 lakh.
“In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over $40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is about 15 GB, containing close to 20 million user data,” Cyble said in its blog.
According to an IBM survey, the average cost of a data breach in India touched ~14 crore in 2020, an increase of 9.4 per cent from last year, as the average time to contain a data breach increased from 77 to 83 days a year. The top three root causes of data breach are malicious attacks, system glitches, and human error in the country, added the report.
While the opinion is uniform that data is a critical asset that can help sharpen business outreach and increase profits, it should be treated as a tradeable asset, say experts.
“Instead of treating it as a commodity that needs to be hidden behind large security measures, the industry and regulatory bodies need to move towards treating data as a tradeable asset and data economy infrastructure wherein consumers will be more comfortable and slightly richer and data pirates have less of an incentive to breach and sell it,” said Ankit Chaudhari, chief executive officer and founder, Aiisma, a data marketplace.
“Or else security will keep becoming expensive and hackers sophisticated, a scenario in which neither consumer nor company wins,” Chaudhari added.
- Biden signs executive orders on food aid and worker protections - January 28, 2021
- Three Rafale jets arrive in India after flying non-stop from France - January 28, 2021
- Supreme Court stays Bombay HC order on ‘skin-to-skin’ contact for sexual assault under POCSO Act - January 28, 2021