BigBasket: Data Breach Leaks 20 Million User Data

 

A threat actor dropped about 20 million Big Basket user reports containing personally identifiable details and hashed passwords on a common hacking forum. 

Headquartered in Bangalore, India – Big Basket is an online food supply service. The company mainly provides its customers with food products in convenience shops, home supplies, and food. Big Basket is a famous grocery delivery service platform that enables consumers to purchase and deliver food online. 

Lately, a popular dealer of data breaches named Shiny Hunters, on the morning of 26th April, published a free database on a hacker website claiming that it has already been stolen from Big Basket. Last year during November, when the same dealer, Shiny Hunter attempted to sell the data stolen via private sales on some hacking websites, Big Basket confirmed to Bloomberg News that it had experienced a data breach. 

“There’s been a data breach and we’ve filed a case with the cybercrime police,” Big Basket CEO Hari Menon told Bloomberg News. “The investigators have asked us not to reveal any details as it might hamper the probe.” 

The entire database, which is estimated to be containing over 20 million user records, now has been published for free. It contains e-mail addresses, SHA1 hashed passwords, addresses, phone numbers, and various other details.

The forum members have claimed to have already cracked 2 million passwords by using the SHA1 algorithm. Another Member says 700k of the clients have used their accounts with the password as, 'password.' Shiny Hunters have executed several other data breaches in the past including Tokopedia, Tee Spring, Minted, Chat books, Dave, Promo, Mathway, Wattpad, and more. 

The event happened weeks after the Indian Tata Group decided to purchase Big Basket, at an increase of over $1.8 billion in the value of Indian start-ups. Approval by the Indian Regulator is currently pending in the acquisition plan. 

As Bleeping Computer has also verified that certain documents are correct, like Big Basket's personal information, consumers should be confident in keeping it safe and believing that customer data has been leaked too. It is highly recommended that all Big Basket users update their passwords immediately with the same password on Big Basket and all other pages.