Security News

Data of 20 Million Online Supermarket Customers Selling on Dark Web

The data of 20 million users of India's biggest online supermarket, BigBasket, has been discovered for sale on the dark web.

The discovery was made during routine 'dark web monitoring' by the Research team at cybersecurity firm Cyble, which found the database selling for over $40,000.

"The size of the SQL file is ~ 15 GB, containing ... full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others," said Cyble on their blog.

BigBasket, which saw its sales double during February - July this year and is valued at $2 billion, said that the financial data of users is safe.

It's believed a breach of the BigBasket website took place on October 14 this year. Cyble uncovered the breach on Oct. 30 and informed BigBasket on November 1, before going public a week later.

"We are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it," said BigBasket in a statement. "We have a robust information security framework that employs best-in-class resources and technologies to manage our information."

BigBasket have reported the incident to India's Cyber Crime Cell and "intend to pursue this vigorously to bring the culprits to book."

+ + +

Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join over 1,000 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: