BigBasket, the e-grocery startup which Tata Group is eyeing, admits a data breach of over 20 million users

• BigBasket faced a security breach, which ended up compromising the data of almost 20 million users.
• The blog by cybersecurity research firm Cyble said that their research team found the database of BigBasket being sold for over $40,000 in the cyber-crime market.
• However, BigBasket isn’t the first grocery retail startup to have come under the target of hackers. Hyperlocal delivery startup Dunzo too was targeted in July 2020.
• BigBasket is also reportedly in talks with the Tata Group for an investment, where the 152-year old conglomerate could pick up a 50% stake in the online grocery retail startup.

One of India’s popular e-grocery startups, BigBasket, has faced a security breach that compromised the data of almost 20 million users. The blog by cybersecurity research firm Cyble said that their research team found the database of BigBasket being sold for over $40,000 in the cyber-crime market.

BigBasket admitted that a breach had happened and that it is currently evaluating the same. “A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bangalore and intend to pursue this vigorously to bring the culprits to book,” said the company spokesperson. However, an IANS report said that the complaint had not been confirmed by the Cyber Crime Cell.

Cyble said that the hacked data could mean that crucial information like users’ full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login could have been leaked.

BigBasket acknowledged that the hackers could have accessed email ids, phone numbers, order details and addresses, but the financial data, including credit card numbers, remains confidential and secure. “We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” said the company.

BigBasket is the second online grocery retailer to be targeted

BigBasket has come under the hackers’ scanner at a time when the e-grocery market has gained popularity during the coronavirus lockdown. BigBasket, along with Grofers, has been one of the key players in the segment – BigBasket saw a 3-6 fold increase in demand, its CEO Hari Menon had said on Twitter in April.

However, BigBasket isn’t the first grocery retail startup to have come under the target of hackers. During the coronavirus lockdown, another hyperlocal delivery startup – Dunzo had reported a breach in its user data. In July 2020, the personal data of 3.4 million users of Dunzo was exposed.

“Our investigation so far suggests that the servers of a third party we work with were compromised. This allowed the attacker to get unauthorized access and breach our database. This database contained a user phone number and email address information. No payment information like credit card numbers was compromised as we do not store this data on our servers,” Dunzo had said in a statement then.

BigBasket’s big ambitions

Meanwhile, BigBasket is also reportedly in talks with the Tata Group for an investment, where the 152-year old conglomerate could pick up a 50% stake in the online grocery retail startup. According to reports, BigBasket was also looking to raise $300-$400 million in funds as demand grew for online grocery.

SEE ALSO:
Top cyber espionage groups that have India in their crosshairs
Paytm aims to disburse ₹1000 crore in small loans by March – that's twice as much as last year