It seems like BigBasket, the online grocery store, had to recently divert its attention from its financing-round woes to do damage control from a severe and colossal setback.
According to Cyble, which is a cyber intelligence firm, the e-grocer startup has been the latest victim of cyber attack in India wherein the data of 2 crore users have been uploaded on the dark web.
Cyble has informed that the leaked data is of sensitive nature and includes details such as email addresses, phone numbers, full names, location addresses, password hashes and more. This data is now available on a dark web portal for sale with a price tag of $40,000 or approximately Rs. 30 lakhs.
In a blog post disclosing about the BigBasket breach in details, the cyber intelligence group mentioned how during their routine dark-web monitoring checks, the research team discovered this newly uploaded database from the Indian e-grocer. They also mentioned that the size of the database is ~ 15 GB and happens to contain very specific information about the users.
Cyble said that the SQL file, apart from the more critical details mentioned above, the database also has the date of birth of users, IP addresses from where they login and hashed OTPs.
BigBasket taking note of the same immediately proceeded to file a police complaint at the Bengaluru Cyber Cell and is currently busy trying to fix this unexpected breach.
Also, even though Cyble has informed that several names and addresses of people from the breach have already been exposed on the dark web, the e-grocer claimed that their financial data is albeit safe.
BigBasket, like several other companies, allows the user to save their debit/credit card information for ease of future purchases. Thus, how likely this information is to remain safeguarded is a question that remains unanswered.
It is however well known that a threat actor with the required expertise can definitely extract a user’s financial information with the magnitude and type of information that the breach was able to compromise.
BigBasket, in a statement about the data breach, commented that they learnt about the breach a few days ago. Since then, they have been actively evaluating the authenticity of the claim along with consulting cybersecurity experts on fixing the damage.
The Bengaluru-based e-grocer also said that they don’t maintain any other data except email IDs, phone numbers, order details, and addresses thus only these could have potentially been accessed.
BigBasket Data Breach: Fundraising Deals To Go Awry?
Now, as because this breach was a display of the BigBasket glaring security loopholes, it could do a lot of damage to its fundraising aspirations besides the damage that it has already done to its users.
To combat the quickly expanding Reliance e-grocery venture JioMart, BigBasket has long been in talks with several investors for raising $350-400 million. They also knocked on the doors of Tata Group, who was last reported to be willing to buy a 50% stake in BigBasket for close to $1 billion.
However, now, after this breach, it could very well be expected that many investors, including the big fish Tata Group, might just choose to back out from the ongoing discussions. Therefore, it makes sense for BigBasket to hit pause on all their other activities and first put out the ongoing fire.
All in all, what will be the state of their fundraising aspirations post this massive data breach is anybody’s guess right now. We will keep you updated on all future developments. Until then, stay tuned.