Data of virtually 20 million BigBasket customers leaked from November 2020 hack

Hackers have uploaded personally identifiable knowledge of round 20 million customers belonging to on-line grocery platform BigBasket on the web. The hack was first reported by cybersecurity agency Cyble in November final yr, which mentioned that the hackers had put up the info on the market for Rs 30 lakh. About 50 totally different knowledge factors comparable to telephone numbers, e-mail IDs, passwords, supply addresses, order particulars comparable to final order date, order worth, variety of instances ordered, and so on. has been leaked by hackers.
The incident has come at a time when BigBasket is within the strategy of being acquired by salt-to-software conglomerate Tata group, and is awaiting a nod from the Competition Commission of India (CCI).
Last yr, when the hack was reported, the corporate mentioned that it had filed a police grievance in with Cyber Crime Cell in Bengaluru and was verifying claims made by cyber consultants.
On Monday, the corporate mentioned in an announcement: “This article/social media post refers to an alleged data breach in Nov-2020 and not something that has happened recently. The reason we know it’s not recent is that the article /social media post mentions the release of hashed passwords. We had eliminated all hashed passwords from our system and moved to a secure OTP-based authentication mechanism quite some time back. Also, our site does not collect or store any sensitive personal data of customers like credit card details. So customer data continues to be safe and no further action needs to be taken by customers”.

Indian companies have lately witnessed a number of knowledge breaches. Earlier this month, retail broking firm Upstox had alerted clients of a safety breach that included contact knowledge and KYC particulars of consumers.
Prior to that, final month, hackers had claimed breaching the client database of e-wallet agency MobiKwik.
India doesn’t have a strong mechanism for person knowledge safety and penal actions, if any, in instances of information breaches. The Personal Data Protection Bill, which is claimed to comprise provisions coping with the identical, has been pending in Lok Sabha since 2019.

A Joint Parliamentary Committee, which was initially alleged to submit its report on the Bill by March, has sought extension until the primary week of Parliament’s Monsoon session.
In the absence of the Bill, the Information Technology Act of 2000 and the foundations made in 2011 kind a regime of information safety, which a number of consultants have mentioned are insufficient.