advertisement
Data of more than 20 million customers of BigBasket has been allegedly leaked on Dark web. The database was first stolen in November 2020. The online grocery delivery platform had earlier confirmed that its platform was hacked.
A cyberespionage group dubbed as 'ShinyHunters' published this massive data on a dark web forum. This database has been made publicly available for anyone to download.
This dataset includes names, email IDs, password hashes, contact numbers, addresses, date of birth, location, and even IP addresses of the users affected.
The Quint, through cyber security researcher Sourajeet Majumder, could personally verify and confirm that the data has been posted on the Dark web data forum by ShinyHunters. The data posted includes personal information belonging to 2 crore of its users amounting to 3.25 GB.
In 2020, it was reported that 'ShinyHunters', a notorious hacker group, had allegedly breached BigBasket – an Indian online grocery delivery service and had put up the data for sale on the Dark web.
Later, BigBasket accepted the breach and filed an FIR to verify cyber intelligence group Cyble's claim that the grocery delivery platform had suffered a massive breach.
The same hacker group has publicly dumped the data of 21 million users of BigBasket on a hacking forum (RaidForums) this Sunday.
The 3.25 GB file has been made open for all to download and it includes the user's name, residence address, IP address, email, phone number and SHA-1 hashed passwords of their BigBasket accounts besides other details.
However, the data does not hold any financial information of BigBasket's users.
Since the company has confirmed there has been a data breach, you can always request them to tell you what kind of data has been compromised. A company is obliged to provide you with that information since it's your data.
"Since the scale of this data breach is quite alarming, BigBasket must look into this asap and notify it's users about this breach so that they can stay alert from any scam calls or phishing campaigns. User's too must change the passwords of their Big Basket account to stay on the safer side,” Majumder told The Quint.
The Quint reached out to BigBasket for a comment on the alleged data breach. Here's what the company said:
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)