Personal Data of 20 Million BigBasket Users Leaked on Dark Web
This massive leak includes names, email IDs, password hashes, contact details, location, and even IP addresses of the users.
Another massive database has allegedly been leaked on a popular cybercrime forum. The database is said to be of 20 million Big Basket users, which was first confirmed by the Indian grocery delivery startup on November 7, 2020.
The alleged database includes the email addresses, phone numbers, and hashed passwords of the affected customers. The data also allegedly carries physical addresses and date of birth of BigBasket users. Although the database that is available for free access on the dark Web includes user passwords in an encrypted form, another hacker has claimed to have decrypted some of the leaked passwords.
The alleged BigBasket database has been put on the dark Web by a hacker group infamously known as ShinyHunters.
The database was made available for anyone to download over the weekend on a well-known cybercrime forum. ShinyHunters is the same hacking group that has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2 million user records over 11 different companies, according to threat intelligence SaaS provider Cyble. The group has been operating since 2015.
“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it,” the company had said while confirming the data breach that was made public by cybersecurity intelligence firm Cyble.
