Leading e-grocer BigBasket suffered a potential data breach that could have compromised details of 20 million users, according to cyber intelligence firm Cyble. The data included users’ full names, email IDs, password hashes and contact numbers, among other bits of information, and was put up for sale on the dark web for $40,000, a Cyble blogpost said. BigBasket said it had lodged a police complaint and was evaluating the extent of the breach, while adding that it didn’t store customers’ financial data. Last month, pharmaceuticals major Dr Reddy’s had to shut down its plants following a cyberattack on its servers.
User Across World Writes about it. An User Writes:
User Across World Writes about it. An User Writes:
BigBasket's data breach is all over the news today. It's in the front page of Business Standard and there's also a substantially large story in Mint.
While the company has issued a statement in response to the media reports, *to the media*, isn't it appropriate that they also inform users directly too? If we users read about the breach in the news and do not hear anything from the company directly, that looks terribly bad from a corporate communications perspective.
Companies gleefully go over the board with offers and new deals to email, sms us customers. But when it comes to bad news, why delay informing customers? If they knew the news is going to be out today in the papers (they have sent a statement to the media, after all!), why not include users in the communications roster?
Why let us users discuss it among ourselves? Why not clarify the company's perspective, taking us into the fold, explain the nature of the breach, the extent of the breach and what we should do, if at all there is something we can? The timeline for such communication is before, during or as close to the news coming out in mainstream media.
This is very disappointing.
While the company has issued a statement in response to the media reports, *to the media*, isn't it appropriate that they also inform users directly too? If we users read about the breach in the news and do not hear anything from the company directly, that looks terribly bad from a corporate communications perspective.
Companies gleefully go over the board with offers and new deals to email, sms us customers. But when it comes to bad news, why delay informing customers? If they knew the news is going to be out today in the papers (they have sent a statement to the media, after all!), why not include users in the communications roster?
Why let us users discuss it among ourselves? Why not clarify the company's perspective, taking us into the fold, explain the nature of the breach, the extent of the breach and what we should do, if at all there is something we can? The timeline for such communication is before, during or as close to the news coming out in mainstream media.
This is very disappointing.
Users on Linkedin Writes:
Needless to say, if you have re-used the passwords on any-other sites, change them all immediately.
Last I checked, they have not sent out any communications yet.
The same was informed to Bigbasket by Cyble (they detected/discovered this breach)
bigbasket.com it calls for strict actions, definitely a statement and guidelines to push the customers to reset their passwords.
#bigbasket #cyberlaws # #cybersecurity #databreach
Comments
Post a Comment
Thanks for Your time . we appreciate your feedback. Comment here!