Online supermarket service BigBasket has landed itself in a controversy after the personal data of its customers was compromised and put up for sale on the Dark web.
As per findings by US-based cyber intelligence firm Cyble, sensitive data of over 2 crore BigBasket users appears to have been compromised. The company confirmed in a statement that information such as e-mail addresses, contact numbers and order details has been compromised, although no financial information has been leaked.
As a BigBasket user, how does the breach affect you, what kind of data has been compromised and what should you do now? Let’s try to answer some of these key questions.
What kind of data was compromised?
As per Cyble, the cybersecurity firm, the breach was detected on 31 October during a routine Dark web monitoring session. Cyble found that the database of BigBasket was on sale on the Dark web for $40,000.
The leak contained an SQL file 15GB in size with the personal data of almost 2 crore users. More specifically, this repository had names, email addresses, password hashes (known to be hashed OTPs), contact numbers, house addresses, dates of birth, locations and IP addresses, among other data.
Cyble informed BigBasket about the breach a day after it was detected, following which the online supermarket registered a complaint with the local police in Bengaluru.
As per BigBasket, no financial information like credit/debit card information has been compromised.
“The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure,” the company said in a statement.
Could my data have been compromised as well?
Of course! If you have been using the BigBasket app to order groceries and other essentials, there is a possibility that your data has also been compromised.
Many customers create a profile of themselves on the app in order to make purchases more conveniently. This includes providing the app with your personal information. The fact that there has been a data breach at BigBasket means that your data could also be a part of the breach.
It is unlikely that you will be individually targeted by a hacker, but it’s always good to make sure that you take the necessary steps to change your banking credentials.
What do I need to do now?
Since the company has confirmed there has been a data breach, you can always request them to tell you what kind of data has been compromised. A company is obliged to provide you with that information since it's your data.
You also need to:
- Change all passwords of banking platforms
- Monitor your bank account closely
- Accept the breached company’s help
Since many people store their debit/credit card information on the app in order to make quick transactions, it is recommended that you change your password and remove sensitive financial information, like debit or credit card numbers or CVV, from the app.
Even if you want to keep that information on the app, make sure to activate two-factor authentication for every transaction.
You also need to monitor your banking accounts closely for any suspicious transaction for at least a couple of weeks after the breach.
Also, keep the app updated to the latest version and track news and updates from the company on whether they are offering any fix for the problem. Companies often communicate such messages to their customers.
Is there any way I can avoid my data being breached?
There’s nothing individual users can do about a data breach.
Technically a data breach like the BigBasket one happens at an organisational level where hackers gain access to user data of millions of users. Since you are just a user, you cannot control the operations and the cybersecurity infrastructure of the company.
If a data breach happens, it’s the responsibility of the company to inform all of its users immediately and then you can follow the necessary steps (as mentioned above) in order to safeguard your personal data.