BigBasket Data Breach: Security Compromises for Over 20 Million Users

Security Breach Disclosure

BigBasket, a prominent e-grocery startup in India, recently revealed a significant data breach impacting approximately 20 million users. The breach was highlighted in a blog post by cybersecurity research firm Cyble, which uncovered the sale of BigBasket’s database in the cyber-crime market for over $40,000.

BigBasket’s Response and Investigation

Acknowledging the breach, BigBasket stated that it is actively assessing the extent of the breach and consulting with cybersecurity experts to verify the claim. The company has lodged a complaint with the Cyber Crime Cell in Bangalore and is pursuing measures to contain the breach and identify the perpetrators.

Potential Data Exposed

According to Cyble, the compromised data may include sensitive information such as users’ full names, email IDs, hashed passwords (potentially hashed OTPs), PINs, contact numbers, addresses, date of birth, location, and IP addresses associated with logins.

Assurance on Financial Data Security

While confirming the breach’s impact on email IDs, phone numbers, order details, and addresses, BigBasket reassured users that their financial data, including credit card numbers, remains secure and undisclosed. The company emphasized its robust information security framework and ongoing engagement with cybersecurity experts to strengthen security measures.

E-Grocery Market Vulnerabilities

The data breach comes at a time when the e-grocery market, including BigBasket and Grofers, has witnessed a surge in demand during the COVID-19 lockdown. This incident underscores the vulnerabilities faced by online grocery retailers amid heightened digital activity and cyber threats.

Previous Instances and Industry Response

Notably, BigBasket isn’t the sole e-grocery player targeted by hackers. Another hyperlocal delivery startup, Dunzo, reported a breach affecting 3.4 million users during the lockdown. Dunzo attributed the breach to compromised servers of a third party it collaborated with, emphasizing no compromise on payment data.

Strategic Moves Amid Challenges

Amidst the breach fallout, BigBasket is reportedly engaging in discussions with the Tata Group for a potential investment, signifying its strategic ambitions and resilience in navigating challenges. The investment talks align with BigBasket’s objective to bolster its operations and meet escalating online grocery demand, highlighting the dynamic landscape of the digital retail sector.