eCommerce grocery giant, Big Basket has suffered a cyberattack. The US-based cybersecurity intelligence firm Cyble has stated that the information of more than 20 million users is found on the dark web for sale. Also, the Cyble blogpost has stated that the data has been sold for about $40,000 the information includes full name, email ids, PIN, password hashes (potentially hashed OTPs), contact numbers, addresses, date of birth, IP addresses of login, location, amongst other details.
The company has lodged a complaint with the cybercrime cell and is evaluating the extent of the breach and authenticity of the claims in consultation with cybersecurity experts.
In a statement, the company states, “The privacy and confidentiality of our customers are our priority and we do not store any financial data, including credit card numbers, and are confident that this financial data is secure. The only customer data we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information.”
Furthermore, the Cyble blogpost has estimated that the alleged cyber-attack has occurred on October 14 and the company has complained about it on November 1. But, the experts say that online commerce has simplified our lives and this convenience at times cost us a lot.
Similarly, the Hyderabad-based pharmaceuticals company Dr Reddy's has also to a victim to the cyber-attack last month consequently, it had to close its plants across the globe post the data breach on its servers. In May, Unacademy had also become the target of cyber-attack with the data of over 20 million users found to put on sale on the dark web.
However, the experts believe that the data is a critical asset that could aid in intensifying business outreach and to boost its profits, thus, it should be treated as a tradeable asset.
Ankit Chaudhari, Chief Executive Officer and Founder, Aiisma, a data marketplace says, “Instead of treating it as a commodity that needs to be hidden behind large security measures, the industry and regulatory bodies need to move towards treating data as a tradable asset and data economy infrastructure wherein consumers will be more comfortable and slightly richer and data pirates have less of an incentive to breach and sell it, or else security will keep becoming expensive and hackers sophisticated, a scenario in which neither consumer nor company wins.”