BigBasket, an India-based grocery e-commerce platform, suffered a potential data breach incident that could have exposed personal details of over two crore customers. According to cyber intelligence firm Cyble, the data breach was discovered on October 30, 2020, during its regular dark web monitoring activity.
Data on Dark Web
Cyble reported that an unknown threat actor group kept a database belonging to BigBasket for sale on a dark web market. Hackers are selling the database for over $40,000 with the table name “member_member.” The size of the database (SQL file) is around 15 GB and contains over 20 million customers’ personal data.
The potential leaked information included users’ full names, contact details, email IDs, password hashes (potentially hashed OTPs), pin, full addresses, date of birth, location, and IP addresses of logins among many others.
While the exact details of the threat actors’ group behind the incident is unknown, BigBasket stated that it has reported the breach to the Cyber Crime Cell for further investigation.
“Most online stores require your personal details, such as Credit or Debit card details for easy transactions, along with your residential address and mobile number for the delivery of products purchased. These details are stored in their databases for easy reference next time you decide to avail their services,” Cyble said.
Online Shopping or Monetary Loss?
Several incidents have been reported in recent times on hackers selling stolen information on the darknet markets. According to the Federal Trade Commission (FTC), the number of complaints on online shopping scams has grown every year and victims have lost a total of $420 million dollars since 2015. The commission received more than 86,000 complaints related to online shopping issues. For more details Click here…
Related Story: Ask Yourself These 4 Questions Before Shopping Online