The famous platform for grocery shopping, BigBasket, seems like the latest target of cyberattacks in India.
As per the US-based cybersecurity intelligence firm Cyble, BigBasket got hit, and the information of over 20 million customers on the dark web was put out for sale. The data is being sold for USD 40,000. It includes full names, email IDs, password hashes (potentially hashed OTPs), contact numbers, PIN, addresses, date of birth, IP addresses of login, location, and other bits of information, as mentioned in a Cyble blogpost.
BigBasket is a Bengaluru, India-based start-up that has complained to the city’s cybercrime cell. It is focused on evaluating the extent of the breach and authenticity of the claim basis the consultation with cybersecurity experts. Cyble’s blog post revealed that the alleged breach occurred on October 14; the BigBasket team was intimated about this on November 1.
“The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure,” said the Alibaba-backed company in a statement.
When there is a uniformity of opinions that data is a critical asset that can be improvised and helps increase profits, it should be treated as tradeable assets. In India, the average cost of a breach is marked at about INR 14 crore in 2020, which is also an increase of 9.4% from the last year.
The report also added that the three root causes of a data breach are system glitches, malicious attacks, and human error across the nation.
“The only customer data we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information,” it added.
“Instead of treating it as a commodity that needs to be hidden behind large security measures, the industry and regulatory bodies need to move towards treating data as a tradeable asset and data economy infrastructure wherein consumers will be more comfortable and slightly richer and data pirates have less of an incentive to breach and sell it,” said Ankit Chaudhari, Chief Executive Officer and Founder, Aiisma, a data marketplace.
“Or else security will keep becoming expensive and hackers sophisticated, a scenario in which neither consumer nor company wins,” Chaudhari added.