With partial lockdowns imposed in almost all states, many people have resorted to online delivery channels for daily essentials. This has given cyber thieves and hackers an opportunity to break into servers and steal the personal information of online users. In October 2020, the delivery platform of Big Basket, India’s top online grocer, was hacked, which resulted in the personal information of 20 million users being stolen. The hacker group, identified as Shiny Hunters, has now released this data for free on a hacker forum.
According to the hackers, the leaked data of 20 million users comprises their names, emails, passwords, addresses, phone numbers, order details and other relevant information.
Big Basket Data Breach in 2020
According to a detailed report published by Cyble, a global threat intelligence SaaS provider, the alleged Big Basket data breach first happened in October 2020. Cyble was the first to notice the breach during its routine Dark Web Monitoring. At that time, the data was available for purchase for $40,000. Cyble was quick to validate the data and immediately informed Big Basket about the massive data breach. At that time, Big Basket asked the intelligence agency not to make the news public.
Cyble was not happy with the decision and advised Big Basket to inform its customers, as they had the right to know about the breach. Big Basket’s VP-Engineering then approached Cyble for support and service. Cyble refused to help, citing high-risk engagement, but agreed at the same time to provide free/non-obligatory services.
It was only in November that Big Basket issued a disclosure statement on its official social media platforms, saying that because the company had been using OTP for login, users did not need to update or change their passwords. The company, however, stayed away from informing the public about the leak of other information such as names, addresses, and phone numbers.
This is not the first time tech-enabled companies have fallen into the vicious trap of hackers. Most recently, Domino’s became the victim of a data breach in which the credit card details of 1 million users were compromised. Even widely used social media platforms like LinkedIn and Facebook have been the targets of such malicious attacks.