Over 20 million BigBasket user records containing personal information and hashed passwords were leaked on a hacking forum.
BigBasket is a well-known Indian online grocery delivery service that allows customers to shop for groceries online and get it delivered to their homes.
ShinyHunters, a popular seller of data breaches, gave away a database that he said he stole from BigBasket on a hacker forum.
BigBasket announced a data breach in November 2020, after ShinyHunter had previously attempted to sell the breached data in private sales.
The BigBasket data breach was discovered by security researcher Alon Gal and verified by the company in November of last year.
The data obtained in the hack has now been made available on the dark web. It is open to the public and is free to use.
Gal announced the news in a recent tweet. According to the researcher, the leaked BigBasket data includes 20 million users’ names, email addresses, hashed passwords, phone numbers, and birthdates.
The passwords are hashed using the SHA1 algorithm, and cybercriminals claim to have cracked 2 million of them so far. According to another participant, 700,000 customers used the password “password” for their accounts.
All BigBasket users are strongly advised to change their passwords on BigBasket and any other platforms that use the same password immediately. Additionally, you can check on Have I Been Pwned? to see if your email or phone number was included in the data leak.
“This could lead to a serious problem for the affected customers as bad actors would gain access to their personal web accounts using the decrypted passwords and leaked email addresses”, Cyber-security researcher Rajshekhar Rajaharia told Gadgets 360