BigBasket, a well-known Indian online grocery store, was a victim of a cyberattack that resulted in a massive user data loss. US cybersecurity firm Cyble first reported the incident in a blogpost, saying hackers managed to steal sensitive information of millions of users, including emails. Addresses, phone numbers, dates of birth, and IP addresses. The perpetrators then sold the data on the dark web for more than $40,000. Hari Menon, the platform’s co-founder and CEO, confirmed the news, saying the company “filed a case with the cybercrime police.” He did not give many details about the scale of the attack, though, because it might hamper the ongoing investigation.
Cybel researchers discovered BigBasket’s database for sale on the darknet during routine monitoring. The stolen file was approximately 15GB in size and contained around 20 million user data. According to the research, the attack took place on October 14 and was picked up by Cybel’s team on October 30. After validating the breach, the company informed BigBasket on November 1, then disclosed it publicly on the 7th. Online grocery and food stores witnessed a surge in customers during the COVID-19 pandemic, with people preferring to shop from home because it’s safer and more convenient.
Unfortunately, online shopping websites require many personal information from their clients for a better service, such as credit card credentials. They store the data on their databases for easy reference. That makes these platforms an essential target for cybercriminals. BigBasket is one of India’s biggest online shops, boasting well-known investors like Alibababa, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group. It has a valuation of almost $2 billion. So when hackers breached its systems, they scored big.
Anonymity tools like VPNs increase your cybersecurity and privacy by encrypting your traffic and masking your IP address. TheVPN.Guru offers unbiased reviews to the biggest VPNs in the industry and guides to unblock geo-restricted content.