According to US-based cyber intelligence firm Cyble, e-commerce firm BigBasket faced a potential data breach which could have leaked details of its around 2 crore users, reported news agency PTI.
The company has also filed a police complaint in this regard with Cyber Crime Cell in Bengaluru.
“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book,” BigBasket said in a statement.
According to Cyble, data including names, email IDs, password hashes, contact numbers, addresses, date of birth, location, and IP addresses of logins, were put on sale in a cyber crime market for around Rs 30 lakh.
However, the company has stressed on its priority to keep customer data private and confidential. It also clarified that it does not store any financial data, including credit card numbers etc.
"The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further," Bigbasket stated.
The breach occured on 30 October according to Cyble and BigBasket was informed on 1 November.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)