Flipkart customers who shop online are being asked to reset their Flipkart passwords due to security concerns that could lead to the exploitation of their personal information.
Unauthorized transactions may result from an alleged leaked database of e-commerce store Big-Basket from accounts of Flipkart customers who also used Big-Basket with the same ID and passwords.
According to cybersecurity expert Rajshekhar Rajaharia, cybercriminals sold a series of email addresses and passwords from allegedly leaked BigBasket databases.
For the most part, consumers use the same ID and password across many websites.
Latest in cybersecurity: DarkSide ransomware gang extorted $90 million ransom in 9 months
Some people are selling Bigbasket Email: Password combinations as Flipkart information, he said on Twitter.
On all websites, people use the same password.
Almost all emails match with the Bigbasket database.
“Change your Flipkart password ASAP”, he said on Twitter.
He also mentioned that Flipkart’s accounts should be secured.
Anyone with a combination of leaked email and password can easily log in to Flipkart from anywhere, including via VPN/TOR. For all accounts, it is preferable to use 2FA (two-factor authentication).
According to the security expert, sites like Amazon are less likely to be compromised because it sends an OTP for login when the browser is changed.
He also posted account details being sold on Telegram.
Flipkart is focused on ensuring the safety and protection of customer data, according to a spokesperson who has responded to the incident.
The company has comprehensive information security systems and controls in place, according to the spokesperson.
They also use different media and social networks to spread information about fraudulent activities, educating consumers on best practices for a secure online experience and keeping their accounts safe from disreputable cyber elements.
You might also like: Bizarro banking malware attacks South American and European Banks