Big Basket data of around two crore people have been put up for sale on the dark web.

E- grocery firm BigBasket has admitted to a potential breach of its customer data, and said that they were trying to find the extent of the breach.

E- grocery firm BigBasket has admitted to a potential breach of its customer data, and said that they were trying to find the extent of the breach.Leading e-grocery platform BigBasket has faced a data breach, which could have leaked details of its two crore users, according to news agency IANS.

Most online stores require our personal details, such as Credit or Debit card details for easy transactions, along with our residential address and mobile number, to deliver products purchased. These details are stored in their databases for easy reference next time one decides to avail the services.

In the course of a routine Dark web monitoring, cyber intelligence firm Cyble found that the database of Big Basket is for sale in a cyber-crime market and is being sold for over $40,000. The size of the SQL file is ~ 15 GB. This includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), complete addresses, date of birth, location, and IP addresses of login, among many others, reported Cyble.

Big Basket currently provides services in Bangalore, Hyderabad, Mumbai, Pune, Chennai, Delhi, Noida, Mysore, Coimbatore, Vijayawada-Guntur, Kolkata, Ahmedabad-Gandhinagar, Lucknow-Kanpur, Gurgaon, Vadodara, Visakhapatnam, Surat, Nagpur, Patna, Indore, and Chandigarh Tricity city.

In a statement, BigBasket admitted to the potential breach and told IANS that it had filed a police complaint with Bengaluru's cybercrime cell. It further said that it was assessing the extent of the breach. They further said that they intend to bring the culprits to book. The company said the privacy and confidentiality of customers is a priority, and it does not store any financial data, including credit card numbers, and is confident that this financial data is secure. ‘The only customer data that we maintain are email IDs, phone numbers, order details, and addresses, so these are the details that could potentially have been accessed.’

The company has been funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and the UK government-owned CDC group. It has a valuation of around $2 billion, providing services to consumers to choose from over 18,000 products from over 1000 brands to be delivered at their doorstep.