Explained: How big is the Bigbasket data breach?

THE INDIAN EXPRESS, NOVEMBER 09, 2020 

India’s top online grocer BigBasket has suffered a potential data breach resulting in personal information of over 20 million customers being allegedly sold on the dark web. This incident follows a series of data breaches that have impacted Indian companies.

When did the Bigbasket breach happen?

According to cybersecurity firm Cyble, which first made the details of the potential breach public, the alleged breach occurred on October 14. The firm said that it first detected the breach on October 30 and after validating the breach, it disclosed the breach to the Bigbasket management on November 1. The cybersecurity firm made the details of the breach public on November 7.

What BigBasket information has been leaked?

Cyble has claimed that personal information of as many as 20 million users such as full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile and phone), full addresses, date of birth, location, and IP addresses of where users have logged in from have been put up for sale on the dark web for $40,000.

How to know if your data has been leaked on the dark web?

Cyble has listed a portal http://www.amibreached.com, where users can check if their personal information has been leaked on to the dark web. 

How has BigBasket responded?

In a statement, the Bengaluru-based firm said it was evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and was finding “immediate ways to contain it”. The company has also filed a complaint with the Cyber Crime Cell in Bengaluru. “The privacy and confidentiality of our customers is our priority and we do not store any financial data including credit card numbers etc., and are confident that this financial data is secure. The only customer data that we maintain are email ids, phone numbers, order details, and addresses so these are the details that could potentially have been accessed,” it said.


What have been the previous cases of data breaches in India?

If one only goes by the information released by Cyble, there have been six cases of cyber breaches in India in the last one month alone. These include incidents at snacks manufacturer Haldiram Snacks Pvt Ltd, Indian wedding planning website Wedmegood, Indian Prime Minister’s personal website narendramodi.in, online matrimonial service Bharat Matrimony and Indian Railways’ online ticketing portal IRCTC. In addition to this, late last month, pharmaceutical major Dr Reddy’s Laboratories witnessed a cyber attack. Cyble, had, in August also reported a data breach at e-commerce company Paytm Mall.

LINK-https://indianexpress.com/article/explained/explained-how-big-is-the-bigbasket-data-breach-7026688/

Comments

Post a Comment

Popular posts from this blog

India Joins Russia in Voting Against West-Backed Move to Expand Powers of OPCW

The Wire: June 28, 2018 New Delhi: India voted against a UK-backed move that will allow the global chemical weapons watchdog to apportion blame for illegal attacks, criticising the decision to grant “unchecked powers” to the head of the group which could be used for “partisan” purposes. On Wednesday, more than two-thirds of the member states of the Organisation for the Prohibition of Chemical Weapons (OPCW) voted to authorise the international body to identify the perpetrators and sponsors of a chemical weapons attack. It also specifically called on the OPCW’s technical secretariat to begin work on identifying the perpetrators behind the use of chemical weapons in Syria. The draft decision, sponsored by 30 countries, was adopted at the fourth special session of the conference of the states parties to the Chemical Weapons Convention at the Hague, with 82 in favour and 24 negative votes. While Europe, the United States and their allies voted ‘yes’, there was strong oppo...
Read more

As financial insecurity rises in urban India, so does investment in insurance

Image
Scroll.in March 13, 2020 Urban Indians are becoming less confident about their financial security. Up to 58% of them fret over financial independence post retirement, which is a 4% increase from last year. An equal share of urban Indians worry about meeting their daily medical expenses and sustaining their current lifestyle once they stop working. The findings are part of a survey published by Delhi-based Max Life Insurance in association with London-based consultancy Kantar. The firms surveyed 7,014 respondents in 25 cities, including six metros, nine tier-1 cities, and 10 tier-2 cities, between December 2019 and January 2020. Source: Max Life Insurance via Quartz The trends Source: Max Life Insurance via Quartz Source: Max Life Insurance via Quartz Source: Max Life Insurance via Quartz A significant share of urban Indians also say their families will have no financial support in the event of the breadwinner’s death. In such a scenario, around 57% believe the family sav...
Read more

ED tracks Swiss Bank A/Cs of Agusta scamster

The Poineer February 10,2019 Rakesh K Singh The Enforcement Directorate (ED) has tracked a dozen Swiss bank accounts in the name of Rajiv Saxena, who is key accused in the Rs 3,600 crore AgustaWestland VVIP chopper scam. The ED has also found out accounts held by  his family members and associates where the kickbacks in the now scrapped deal were allegedly parked. Two bank accounts are in the name of Rajiv Saxena’s  associates Pankaj Jain and Sumita Jain who are also the authorised signatories. The  third is in the name of another associate Ajit Singh Bubber, but Rajiv and his family members are authorised signatories. The remaining nine accounts are largely owned and operated by Rajiv, his family members and associates. Rajiv Saxena was deported by the UAE authorities on January 30 and the ED formally arrested him the next day and a court later granted his remand to the agency. He is currently undergoing custodial interrogation by the ED. The agency had in 2017...
Read more