By the end of 2020, BigBasket, grocery e-commerce company was affected by a data breach where nearly two crore users’ data was reportedly up for sale. The company has admitted that it was looking into the matter, there was a new report suggesting that the breached data is available on the dark web.
According to a report relying on the work of a computer researcher, ShinyHunters, a hacker collective have made the data of over 2 crore users in the form of a 3.5 GB database on a dark web data forum. Meanwhile, Alon Gal, security analyst also tweeted about user being leaked online, while breach monitoring websites have also included information about the breach.
Infamous threat actor "ShinyHunters" just leaked the database of "BigBasket, a famous Indian 🇮🇳 online grocery delivery service. (@bigbasket_com)— Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021
20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7
The leaked database, as part of the data breach reportedly includes usernames, email addresses, birthdates, (hashed) passwords, along with their residential addresses. The breach at the time was disclosed lat year, however, data security group Cyble has claimed that the data from the breach was being sold on the dark web for around ₹30 lakh, considering the data also includes users residential addresses, this could prove to be quite a privacy nightmare.
No statement was published by BigBasket on the leaked customer data. Meanwhile, users can vusut security researcher Troy Hunt’s breach monitoring website haveibeenpwned.com to make sure if their data was found in the breach.