20 Million BigBasket User Records Got Leaked
20 Million BigBasket Alleged User Records Containing Personal Information and Hashed Passwords Were Leaked by a Threat Actor.
BigBasket, a popular delivery service based in India that allows people to shop online for food and have it delivered to their homes, suffered a data breach and had over 20 million user records leaked.
Recently, a well-known seller of breached data, known on the dark web as ShinyHunters, shared a database for free on a hacker forum.
Last year, BigBasket confirmed to the news publication Bloomberg News that it had suffered a data breach after ShinyHunters had tried to sell the stolen data in a few private sales.
There’s been a data breach and we’ve filed a case with the cybercrime police.
The investigators have asked us not to reveal any details as it might hamper the probe.
The threat actor has now released the whole database for free, which reportedly contains more than 20 million user records, including email addresses, SHA1 hashed passwords, addresses, phone numbers, and other assorted information.
Infamous threat actor “ShinyHunters” just leaked the database of “BigBasket”, a famous Indian 🇮🇳 online grocery delivery service. (@bigbasket_com)
20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7
— Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021
The passwords are hashed using the SHA1 algorithm. Forum members claim to have cracked 2 million of the listed passwords, and another member says that 700k of the customers used the password ‘password’ for their accounts.
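Why a count like "700k accounts share one password" can be read straight off a dump of SHA1 hashes, shown as an added example (not code from the article or from BigBasket). It assumes the hashes were unsalted, which the article does not state, and uses constructed accounts to compare that scheme with per-user salted scrypt, where identical passwords no longer produce identical stored values.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the breach).
SAMPLE = [
    ("u1@example.com", "password"),
    ("u2@example.com", "password"),
    ("u3@example.com", "Tr4il-mix!9"),
    ("u4@example.com", "password"),
]

def sha1_unsalted(password: str) -> str:
    """Weak scheme (assumed): fast and unsalted, same password -> same digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def scrypt_hash(password: str, salt: bytes = b"") -> tuple:
    """Hardened scheme: per-user random salt plus a memory-hard KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                            maxmem=64 * 1024 * 1024, dklen=32)
    return salt, digest

def scrypt_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_hash(password, salt)[1], expected)

def largest_cluster(stored_values) -> int:
    """Size of the biggest group of accounts sharing one stored value."""
    return max(Counter(stored_values).values())

def compare() -> tuple:
    """Return (largest cluster under SHA1, largest cluster under scrypt)."""
    weak = [sha1_unsalted(pw) for _, pw in SAMPLE]
    strong = [scrypt_hash(pw)[1] for _, pw in SAMPLE]
    return largest_cluster(weak), largest_cluster(strong)

if __name__ == "__main__":
    weak, strong = compare()
    print(f"accounts sharing one stored hash: SHA1={weak}, scrypt={strong}")
```

With a unique salt per account, an offline guess has to be recomputed for every account separately, and the scrypt cost parameters make each of those guesses expensive.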
In the past, ShinyHunters has been responsible for or involved in other data breaches, including Tokopedia, TeeSpring, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and many more.
At this time, all BigBasket users should immediately change their passwords on the platform and on any other site where they might be using the same password.
In this type of situation, it’s also important to make sure that all the passwords we’re using are strong and private.
You can find out more about keeping your online accounts secure here.