Bigbasket Data Breach Download

The thing about data leaks at technology companies is that they almost always cause damage that often has a lingering impact long after the incident happens and is indeed fixed. The most recent case in point being the BigBasket data leak that has now exposed data of some users of Flipkart and potentially other internet platforms. And this has come to light, almost seven months after it was initially discovered.

In November last year, BigBasket was reported to have faced a potential data breach that leaked details of around 2 Cr users. The data was put up for sale for around INR 30 Lakh and in April this year, the data was leaked online. And now, many users who have been impacted in that alleged breach/leak, have complained that their Flipkart accounts are being hijacked.

Download File 🔥 https://shurll.com/2y2DeX 🔥

According to independent cybersecurity researcher Rajshekhar Rajaharia, the screenshot alleged to be Flipkart data is the same data that was leaked in late April 2021 after the BigBasket breach. This data has now been repurposed by nefarious players and passed off as Flipkart credentials, Rajaharia told Inc42. He also claimed that Telegram groups selling such data have been seen in the past few days.

Such denials are simply not enough from the point of view of consumers and end-users. When systems are compromised in a hyperconnected ecosystem, the ripple effect often is far and wide. This is why data leaks that compromise passwords can be so damaging to the fabric of internet safety. India is still not close to a data protection law as the Personal Data Protection Bill is still to be tabled. With no law to mandate data leak disclosures and regulate the resolution of such incidents, companies get leeway to keep pulling the wool over the eyes of consumers.

BigBasket database of over 20 million customers has allegedly been leaked on the dark Web, months after the online grocery delivery platform confirmed a data breach. The alleged database includes the email addresses, phone numbers, and hashed passwords of the affected customers. The data also allegedly carries physical addresses and date of birth of BigBasket users. Although the database that is available for free access on the dark Web includes user passwords in an encrypted form, another hacker has claimed to have decrypted some of the leaked passwords.

The alleged BigBasket database has been put on the dark Web by a hacker group infamously known as ShinyHunters. It includes details such as the email addresses, names, date of birth, and phone numbers.

ShinyHunters made the alleged BigBasket database available for download on the dark Web over the weekend. It included hashed passwords of the affected customers. However, some passwords in plain text are now also put on sale on the dark Web.

This article / social media post refers to an alleged data breach in Nov-2020 and not something that has happened recently. The reason we know it's not recent is that the article /social media post mentions the release of hashed passwords. We had eliminated all hashed passwords from our system and moved to a secure OTP-based authentication mechanism quite some time back. Also, our site does not collect or store any sensitive personal data of customers like credit card details. So customer data continues to be safe and no further action needs to be taken by customers.

"In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over USD 40,000. The leak contains a database portion; with the table name 'member_member'. The size of the SQL file is about 15 GB, containing close to 20 million user data," Cyble said in its blog.

"A few days ago, we learnt about a potential data breach at bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book," Bigbasket said in a statement.

The company said that the privacy and confidentiality of customers is priority and it does not store any financial data including credit card numbers etc and is confident that this financial data is secure.

"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," Bigbasket said.

The cyber intelligence firm said on October 31, Cyble validated the breach through "validation of the leaked data with BigBasket users/information", and on November 1, "Cyble disclosed the breach to BigBasket management".

Perhaps, Munjal has much else on his mind right now. As recently as September, Unacademy raised $150 million from SoftBank at a valuation of $1 billion. News reports of the data breach at Unacademy started to do the rounds in May. Much like Dunzo that has been in fundraise mode since August.

But the difference is that when entities in other parts of the world are faced with such situations, they go public about it and inform their customers about the breach. Technology professionals in markets such as Singapore, the UK, and the EU work with this principle.

Data protection laws in these countries makes it a regulatory obligation for an entity to inform individual consumers that their data has been compromised. Failure to comply can lead to harsh outcomes that can lead to prison terms for those who are delegated to ensure data confidentiality.

This absence of a personal data protection law allows companies such as BigBasket and Paytm to get away without informing individual customers about a breach. While both entities can argue no sensitive information was leaked, that argument is a specious one. Because there is a market for this data.

In the rising string of data leaks and attacks on Indian organizations, BigBasket is the latest victim of threat actors. BigBasket, one of the largest online grocery suppliers in India, was under a data breach. It's database of 20 million users had been leaked online on the dark web by a notorious group of hackers, ShinyHunters. The data leak includes details of the users like names, email addresses, date of birth, and phone numbers. BigBasket has acknowledged that the data leak took place last November. BigBasket, headquartered in Bangalore, is a grocery delivery service operating since 2011, founded by Hari Menon, V.S. Sudhakar, Vipul Parekh, Abhinayss Choudhari and V.S. Ramesh.

The leaked dataset in question includes user's names, SHA-1 hashed passwords, address, emails, phone numbers, IP address besides other details as shown in the image above. Furthermore, it also includes phone numbers and other details of many famous personalities as well who are possibly users of Big Basket.

In the unfortunate turn of events during the pandemic, the cyberattacks on Indian organizations have been increased by a whopping 845%. It has become critical for organizations to build a robust cybersecurity strategy for seamless business operations and safeguard their prestige. The cybercriminals have disrupted the progression of organizations, from leaking highly confidential blueprints to breaching the entire database and demanding exorbitant ransoms. Even the industry giants have fallen into their attack vectors. If you want to build a robust cybersecurity strategy for your business, please write to us at solutions@bizcarta.io.

First, under the Data Protection Rules, a body corporate needs to be negligent in maintaining its security practices for the penalty to kick in. Bigbasket will probably argue that the breach happened despite its top-notch security practices. There was no negligence.

Here\u2019s a simple explanation. Everything you do on a platform like Facebook generates data. Name, age, location, likes, comments, phone model \u2013 Facebook knows it all. This data allows the platform to show you targeted ads.

Second, for compensation, the leaked data should be SPI like passwords, financial information, sexual orientation, and biometric information. PI such as phone number, address, and email ID doesn\u2019t make the cut. Bigbasket claims that no SPI was breached. So, no compensation.

As per Cyble, the cybersecurity firm, the breach was detected on 31 October during a routine Dark web monitoring session. Cyble found that the database of BigBasket was on sale on the Dark web for $40,000.

Many customers create a profile of themselves on the app in order to make purchases more conveniently. This includes providing the app with your personal information. The fact that there has been a data breach at BigBasket means that your data could also be a part of the breach.

Since the company has confirmed there has been a data breach you can always request them to tell you what kind of data has been compromised. A company is obliged to provide you with that information since it's your data.

Technically a data breach like the BigBasket one happens at an organisational level where hackers gain access to user data of millions of users. Since you are just a user, you cannot control the operations and the cybersecurity infrastructure of the company.

As per findings by US-based cyber intelligence firm Cyble, BigBasket seemed to have comprised sensitive data of over 2 crore users. The company in a statement confirmed that information like e-mail, contact number and order details have been compromised although no financial information has been leaked. ff782bc1db