BigBasket Suffers Breach, Data Of Users Put Up For Sale Online For Rs. 30 Lakh

One of India’s foremost startups has seen its entire user data be put up for sale online.

Cyber intelligence firm Cyble has said that the data of 2 crore BigBasket users is currently up for sale on the dark web for $40,000 (Rs. 30 lakh). The leak contains a database portion with the table named ‘member_member’. The size of the SQL file is ~ 15 GB, and contains close to 20 million user data rows. The leaked data includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among other data.

The breach reportedly occurred on 14th October. BigBasket has filed a police complaint with Cyber Crime Cell in Bengaluru over the breach. “A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” BigBasket said in a statement.

BigBasket has said that it does not store any financial data including credit card numbers, and is confident that this financial data is secure.

The breach comes at a time when BigBasket is in talks with the Tata Group to sell a majority stake in the company. The Tata Group is building its own super-app, and a grocery play could be the keystone that ties its different e-commerce offerings together — grocery delivery is a high-frequency use-case, and customers once accustomed to ordering on your platform can then be nudged into making other higher-value purchases. As such, the data of BigBasket’s user-base could be seen to be a valuable component of its business proposition.

BigBasket isn’t the only major Indian startup to have been hacked in recent times. Previously, hackers have similarly breached companies like Zomato, Dunzo, and Paytm Mall, with their user data being similarly put up for sale on the internet.