User Data For Sale: What Happened At BigBasket’s Data Breach?
Several cyberattacks have been happening this year. What happened in the recent one and how can people protect themselves from these attacks?
What Happened?
According to U.S-based cybersecurity intelligence firm Cyble, BigBasket has faced a potential data breach. During the course of Cyble’s Dark web monitoring, it was found that the database of Big Basket has been put for sale in a cyber-crime market for over $40,000.
The leaked data includes full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), full addresses, date of birth, location, and IP addresses of login among many others. Cyble says that the leaked data consists of nearly 20 million user data and the size of the SQL file is ~ 15 GB.
Dark Web?
This is a lot of information to process and the one thing that we should know is that the personal information of over 2 crore BigBasket users are up for sale in the dark web and that is definitely a scary thing. But what is the dark web?
The dark web is a subset of the deep web that is intentionally hidden. Wait. What is the deep web? Deep web refers to anything on the internet that is not indexed by and, therefore, accessible through a search engine like Google. Deep web content includes anything behind a paywall or requires sign-in credentials. Some of the examples of deep web content are medical records, fee-based content, membership websites and confidential corporate web pages.
However, the dark web is a completely different thing altogether. You need a specific browser — Tor — to access it. One thing that you should keep in mind is that not all the dark web is used for illegal purposes. On the other hand, the dark web can make it easier to commit some of the worst crimes.
In 2016, Daniel Moore and Thomas Rid made an attempt to find out how much of the dark web is about illegal activity. They identified 5,205 sites, nearly 48% apparently inactive and containing no content. Of those that seemed active, nearly over half appeared illicit, hosting a widely diverse set of illicit activities.
On the top of the list, 423 sites were apparently trading or manufacturing illegal drugs, 327 sites apparently facilitated financial crime. Moore and Rid found 140 sites “espousing extremist ideologies” or “support for terrorist violence”, 122 sites contained pornography. There were also a smaller number of hacking tools and marketplaces and 17 sites claiming to provide hitmen for hire or facilitating violence in other ways.
BigBasket Is Not Alone
Just like BigBasket, other companies have faced the same situation. On May 1, 2020, a hacking group called ShinyHunters emerged with a sample of 15 million customer data records stolen from Tokopedia, an Indonesian e-commerce site. Two days later, the hackers started selling what it claimed was the full trove of 91 million Tokopedia user accounts on the popular dark-web marketplace Empire. On the same day, ShinyHunters also started selling a trove of around 22 million user accounts taken from Unacademy, the Indian ed-tech startup.
On May 6, ShinyHunters claimed to have stolen more than 500 GB of Microsoft source code from the firm’s private GitHub account. The following week, the group said that it had data from 10 more sites, including dating app Zoosk, meal kit company Home Chef, design-focused marketplace Minted, Minnesota’s Star Tribune newspaper, health and wellness site Mindful, photo printing service Chatbooks and the web publication Chronicle of Higher Education.
And all the breaches are claimed to have been done by one group only. If we dig through all the data breaches that happened in 2020 alone, this article would be at least 15 pages long.
Zooming Out
In a statement made by BigBasket, published in Business Standard, the company has said, “The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure”. The company has lodged a complaint with Bengaluru’s cybercrime cell and is analysing the extent of the breach and authenticity of the claim in consultation with cybersecurity experts.
However, we want to point out that data breaches are becoming a massive problem. So, how can you protect your data? Cyble has recommended some tips on their website and they are as follows:
In conclusion, we hope that BigBasket deploys more measures to keep the customers’ personal information safe and we also want you to implement some of the above-mentioned tips in your daily life so that you can access the internet safely.
Head to moneyguru’s Insight section to stay updated on all major financial news updates of the day!
