Personal information of 20 million BigBasket users is now available online for anyone to download and use
- BigBasket’s alleged database included personal details of affected users
- The database has been leaked by a hacker known as ShinyHunters
- BigBasket has not yet confirmed the leak or informed its customers
- Database of around 20 million Big Basket users is allegedly out on the internet.
- It is the same data that was reported to be breached in November 2020.
Bengaluru-based online grocery platform Big Basket got breached back in October 2020. The hacker had put the leaked data of over 2 crore users on sale on Dark Web. This alleged breach occurred on occurred on October 14 2020.
Later on, the company even confirmed that its service was breached which detected this incident on October 30th. Now, in a recent development, private data of more than 20 million users which got leaked back in October is published online. The leaked data includes users name, phone number, physical addresses, email address, and date of birth details.
A group calling themselves ‘ShinyHunters‘ published the massive database on the forum over the weekend and it is available for anyone to download and use. Some users on the forum have even claimed that have managed to decode hashed passwords and have put them up for sale separately.
BigBasket filed a police complaint with the Bengaluru Cyber Crime Cell last year to verify cyber intelligence group Cyble’s claims that the company had suffered a massive breach.
Cyble alleged that the data was for sale on the dark web for Rs. 30 lakh. In a blog published by the cyber intelligence group, they claimed that they had found a database of BigBasket customer details on sale for over $40,000. They also added that data included names, email IDs, password hashes, contact numbers, addresses, date of birth, location, and even IP addresses of the users affected. The breach occurred on October 30, 2020.
BigBasket has only made a single statement on the breach stating that they were working “with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.”
BigBasket has responded to NDTV’s Gadgets 360 to confirm that this is indeed the November leak, and the company also highlighted that it has made changes to its systems to eliminate all hashed passwords, moving to an OTP-based mechanism instead, as a security measure. BigBasket’s full statement is included at the end of this article.
“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it,” the company had said while confirming the data breach that was made public by cybersecurity intelligence firm Cyble.
Founded in 2011, BigBasket is backed by China’s Alibaba and is one of the leading platforms for delivering groceries online. The pandemic helped the company expand its business and even attract conglomerate Tata Group that in February agreed to acquire a majority stake in the company.