Grocery e-commerce platform Bigbasket has faced a potential data breach which could have leaked details of its around 2 Cr users, according to cyber intelligence firm Cyble.
The company has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.
Cyble said that a hacker has put data allegedly belonging to Bigbasket on sale for around ₹30 lakh.
"In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over USD 40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 Mn user data," Cyble said in its blog.
It added the data put on sale includes names, email IDs, password hashes, contact numbers (mobile and phone), addresses, date of birth, location, and IP addresses of login among many others.
While Cyble has mentioned "passwords", the company uses a one-time password sent through SMS which keeps on changing every time a user logs in.
"A few days ago, we learnt about a potential data breach at bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," Bigbasket said in a statement.