In a massive data breach, data of over 2 crore BigBasket users, including their names, email IDs, password hashes, pin, and contact numbers, among others, was leaked and is being sold on the dark web, reported cybersecurity firm Cyble. The database was reportedly being sold for around ₹29.5 lakh ($40,000). BigBasket has meanwhile, according to several news reports including by Entrackr and IndiaToday, acknowledged the breach. The e-commerce website claimed that it does not store financial data of customers, and is confident that this data is secure. It claimed to have lodged a complaint with the Cyber Crime Cell in Bengaluru. According to Cyble's report, the size of the leaked database file was over around 15 GB, containing data of nearly 2 crore users. "More specifically, this includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others," the blog post read (emphasis theirs). The breach potentially went unnoticed for over two weeks; it reportedly happened on October 14, but was detected by Cyble only on October 30. The company then disclosed the breach to BigBasket on November 1. BigBasket told media outlets that it will pursue the matter "vigorously to bring the culprits to book". It told Entrackr in an emailed statement that it does not store financial data. However, it admitted that its other customer datat — email ids, phone numbers, order details, addresses and so on — could potentially have been…
