(Bloomberg) – Cyberattackers have stolen the personal details of million users of top Indian internet grocer Bigbasket, the latest e-commerce data breach to emerge as home-bound consumers flock online.
Bigbasket co-founder and chief executive officer Hari Menon confirmed the attack, which was first reported by U.S. cybersecurity researcher Cyble Inc. The stolen data, which includes sensitive information including email IDs, mobile phone numbers and full addresses, has been put up for sale on the dark web for more than $40,000, the Atlanta-based outfit said in a blogpost.
“There’s been a data breach and we’ve filed a case with the cybercrime police,” Menon told Bloomberg News, though he didn’t confirm the scale of the attack because of an ongoing investigation. “The investigators have asked us not to reveal any details as it might hamper the probe.”
Cybercrimes are surging around the world as consumers under lockdown turn online for essentials. Alibaba Group Holding Ltd., a major backer of Bigbasket’s, was also targeted earlier this year by attackers who infiltrated a database owned by an arm of its unit Lazada.
But Indian authorities are ill-equipped to handle digital investigations. Bangalore, the country’s technology hub, has set up eight cybercrime police bureaus over the past year, each headed up by a police inspector, but many of the staff aren’t trained to investigate phishing, hacking and other types of online attacks. Some of the newly established bureaus receive hundreds of complaints each month, but many crimes go unsolved.
Bangalore-headquartered Bigbasket sells thousands of grocery and daily household products from cooking oil to Indian spices to shoppers in over two dozen cities. Local media reported it’s in talks to sell a stake of about 50% at a valuation of roughly $2 billion to the Tata Group, the latest entrant to India’s red-hot e-commerce arena. Menon declined to comment on the talks.