The BigBasket database of more than 20 million customers was reportedly leaked on the dark web, months after the online grocery delivery platform confirmed a data breach. The suspected database includes the email addresses, phone numbers and hashed passwords of the affected customers. The data would also include physical addresses and the date of birth of BigBasket users. Although the database available for free access on the Dark Web includes user passwords in an encrypted form, another hacker claimed to have cracked some of the leaked passwords.
The alleged BigBasket database has been put on the dark web by a group of hackers infamous as the ShinyHunters. It includes details like email addresses, names, date of birth, and phone numbers.
The infamous “ShinyHunters” threat actor just leaked the database of “BigBasket, a popular Indian online grocery delivery service. (@bigbasket_com)
More than 20,000,000 affected customers and information such as emails, names, hashed passwords, dates of birth and phone numbers have been leaked. pic.twitter.com/tD5TMxNkH7
– Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021
Cybersecurity researcher Rajshekhar Rajaharia told Gadgets 360 that the leaked database was associated with the flaw that BigBasket himself confirmed in November of last year.
“A few days ago we learned of the existence of a potential data breach at BigBasket and are assessing the extent of the breach and the authenticity of the claim in consultation with cybersecurity experts and find immediate ways to contain it, ”the company said, confirming the data. violation that was made public by cybersecurity intelligence firm Cyble.
ShinyHunters made the so-called BigBasket database available for download on the Dark Web over the weekend. It included the hashed passwords of the affected clients. However, some plain text passwords are now also listed on the Dark Web.
“Another hacker claims to have cracked millions of passwords associated with BigBasket,” Rajaharia said. “This could cause a serious problem for affected customers, as malicious actors would gain access to their personal web accounts using the cracked passwords and leaked email addresses.”
Gadgets 360 has reached out to BigBasket for comment on this. This report will be updated when we get back to you.
Meanwhile, the Have I Been Pwned? – which informs users if their data has been compromised by recent breaches – sent an email to notify some affected customers of the data breach.
Founded in 2011, BigBasket is backed by Chinese Alibaba and is one of the leading online grocery delivery platforms. The pandemic has helped the company grow its business and even attract the conglomerate Tata Group, which agreed in February to acquire a majority stake in the company.
Why did LG abandon its smartphone business? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 10:00 PM) we talk about the new co-op RPG shooter Outriders. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and anywhere you get your podcasts.