20 million users' data at risk in Bigbasket’s data breach


The online grocery store Bigbasket has confirmed a leak of data belonging to 20 million of its users. In the middle of the pandemic comes the news that the personal information of millions of customers is being sold on the dark web. The incident involves one of India’s best-known e-commerce startups, Bigbasket.

The suspected data breach was first reported by Cyble, a cybersecurity firm. The firm says it first identified the breach on October 30 and disclosed it to Bigbasket soon after corroborating the matter. The breach is claimed to have occurred on October 14, and Cyble published its findings on November 7. According to Cyble, the personal details of Bigbasket customers were compromised after the company suffered a security breach.

The Bengaluru-based online grocery startup is investigating the data breach and its authenticity in consultation with cybersecurity specialists. The company has already reported the matter to the Cyber Crime Cell and lodged a complaint in Bengaluru. It said that maintaining the privacy and confidentiality of its customers is its top priority.

Bigbasket said it stores information needed for fulfilling orders, such as email IDs, order details, phone numbers, and addresses. The e-grocery startup said it does not collect financial data such as credit card numbers, but it also indicated that the stored order details, phone and mobile numbers, addresses and email IDs are at risk of being accessed. According to an IANS report, the complaint is yet to be substantiated by the Cyber Crime Cell.

Cyble alleged that a large amount of critical information about Bigbasket’s customers is on sale for almost $40,000. The personal information at risk includes IP addresses, full names, pin, date of birth, location, password hashes including the implicitly hashed OTPs, email IDs, and the contact numbers of the customers. The cybersecurity research firm has also pointed to the website amibreached.com, a portal customers can use to check whether their details have been leaked.

“We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” said the company.

Bigbasket is among the top e-grocery startups in India, and it has seen tremendous growth in the retail market, especially during Covid-19. Hari Menon, CEO of Bigbasket, tweeted in April that the company had witnessed a 3-6 fold increase in demand. It is highly unfortunate for the company to be hit by such a cyber attack.

Like Bigbasket, other e-commerce companies have also faced similar problems

Other e-commerce retailers have suffered security attacks as well. Dunzo, a hyperlocal delivery startup, was also hit during the pandemic and reported its data breach back in April, during the lockdown. Crucial information belonging to 3.4 million of its users was compromised. Beyond the customer data at risk, Dunzo’s investigation found that the servers of a third party it works with had also been compromised. This was the critical step that allowed the unauthorised entry through which its database was breached. Dunzo said it does not store any financial or payment data such as credit card numbers. However, personal information such as email IDs and phone numbers could have been accessed.

According to the cybersecurity firm Cyble, the number of data breaches in India rose to 6 in the last month. With digitalisation at its peak due to Covid-19, other organisations have been affected by such security breaches as well. The firms previously attacked include online matrimonial portal Bharat Matrimony, the recognised snacks producer Haldiram Snacks Pvt. Ltd, Indian Railways’ online ticketing portal IRCTC, the Indian Prime Minister’s personal website narendramodi.in, and Indian wedding planning platform Wedmegood. Dr Reddy’s Laboratories, a recognised pharmaceutical company, also suffered such a breach. In August, Cyble also reported such a cyber attack on Paytm Mall, an e-commerce company. There is a clear need to review the security of these portals and act to strengthen it.