BigBasket Data Leak – Over 20 Million Personal Information and Hashed Passwords Published on a Hacking Forum

A database of about 20 million alleged BigBasket users has leaked on a well-known cybercrime forum.

BigBasket is a popular Indian online grocery delivery service that allows people to shop online for food and have it to their homes.

A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a hacking forum.

A well-known seller of data breaches known as ShinyHunters published the alleged BigBasket database and made it available for anyone to download — on a popular cybercrime forum over the weekend.

Private Data of 20 Million Personal Information and Hashed Passwords Published Online

The database includes users’ email addresses, phone numbers, addresses, scrambled passwords, date of birth, and scores of interactions they had with the service. TechCrunch confirmed the details of some customers listed in the database, including the authors.

BigBasket confirmed to Bloomberg News that in November 2020, they had suffered a data breach after ShinyHunter had previously tried to sell the stolen data in private sales.

“There’s been a data breach and we’ve filed a case with the cybercrime police,” BigBasket CEO  Hari Menon told Bloomberg News. “The investigators have asked us not to reveal any details as it might hamper the probe.”

The report says that the threat actor has now released the whole database for free, which reportedly contains over 20 million user records.

As per the leak, the passwords were hashed using the SHA1 algorithm. It is reported that forum members have already claimed to crack 2 million of the listed passwords. Another member who has access to these details claims that up to 700k customers used the password as a ‘password’ for their accounts.

Big Basket has yet to comment on the leaked data, which is currently available online. Nevertheless, in the earlier period, the company had already acknowledged the existence of the breach which has already filed a case with the cybercrime police last year when it detected the breach for the first time on October 30.

How to Protect Yourself from the Breach?

It is strongly recommended that all BigBasket users immediately change their passwords on BigBasket and at any other sites using the same password.

Reports have confirmed that some of the records are accurate, including information specific to the BigBasket service, so customers should be safe and assume that their customer information has been leaked as well.

Also Read

MobiKwik Data Breach – Hackers Selling Over 8TB of Users Personal and Financial Data

Online Alcohol Delivery Startup Drizly Hacked – 2.5 million Drizly Accounts Stolen