New Delhi: Twitter has locked the Free Software Movement of India ‘s account over a nearly four-month-old tweet that asked the Narendra Modi government to probe a serious data leak that occurred at online grocer BigBasket.
The FSMI is a national coalition of various regional and sectoral free software movements operating in different parts of India.
The offending tweet in question, shown below, tags CERT-In (The Indian Computer Emergency Response Team) – which is the nodal agency for dealing with cyber security threats like hacking and phishing – and asks why the government body has not acknowledged a complaint regarding the e-retailer that had been sent in November 2020. It also includes a link to the letter sent by FSMI to CERT-In regarding BigBasket.
Twitter has currently locked FSMI’s account and asked the organisation to delete the BigBasket tweet on the grounds that it violated the rules for posting personal or private information.
“We have not published any private information. This tweet is regarding a letter from the Free Software Movement of India to the Government Official in Public Office. This is a public letter to a government official at the authority of a Public Grievance officer. The details of the officer is no private information but available for public knowledge and provided by the Government of India in the “Citizens Charter” section of http://www.cert-in.org.in/,” Kiran Chandra, general secretary, FSMI, told The Wire.
“There is no private information in this tweet and we oppose your action of locking our account and suppressing the tweet without informing us of what private information has exactly been shared. We henceforth want our account to be unlocked immediately and the tweet be made public.”
When asked, Chandra said that FSMI does not plan on deleting the tweet. The full letter regarding BigBasket can be viewed here.
In November 2020, cybersecurity firm Cyble first made the details of the potential breach public. Cyble claimed that personal information of as many as 20 million users such as full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile and phone), full addresses, date of birth, location, and IP addresses of where users have logged in from have been put up for sale on the dark web for $40,000.
In a statement put out at the time, BigBasket said it was evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and was finding “immediate ways to contain it”. The company also filed a complaint with the Cyber Crime Cell in Bengaluru.