BigBasket, a popular delivery service based in India that allows people to shop online for food and have it delivered to their homes, suffered a data breach and had over 20 million user records leaked.

Recently a well-known seller of data breaches, known on the dark web as ShinyHunters has shared a database for free on a hacker forum.

Bigbasket data leak


Last year BigBasket confirmed to the news publication Bloomberg News the fact that they had suffered a data breach after the seller ShinyHunter had tried to sell the stolen data in a few private sales.

There’s been a data breach and we’ve filed a case with the cybercrime police.

The investigators have asked us not to reveal any details as it might hamper the probe.


The threat actor has now released the whole database for free, which reportedly contains more than 20 million user records, including email addresses, SHA1 hashed passwords, addresses, phone numbers, and other assorted information.

The passwords are hashed using the SHA1 algorithm, with forum members claiming to have cracked 2 million from the listed passwords and another member saying that 700k of the customers used the password ‘password‘ for their accounts.

In the past, ShinyHunters has been responsible for or involved in other data breaches, including Tokopedia, TeeSpring, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and many more.

At this time all the BigBasket users should immediately change their passwords on the platform and also on any other site where they might be using the same password.

It’s important to note that in this type of situation it’s also important to make sure that all the passwords we’re using are strong and private.

Heimdal Official Logo
Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.
  • Completely secure your infrastructure against email-delivered threats;
  • Deep content scanning for malicious attachments and links;
  • Block Phishing and man-in-the-email attacks;
  • Complete email-based reporting for compliance & auditing requirements;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

You can find out more about keeping your online accounts secure here.

How to Implement a Strong Password Policy. Best Practices and Mistakes to avoid

Top 550+ Funny Passwords Ever Encountered

Leave a Reply

Your email address will not be published. Required fields are marked *