Big Basket data breach: email IDs, phone numbers, home addresses of two crore Indians allegedly leaked on the web

Advertisement
Big Basket data breach: email IDs, phone numbers, home addresses of two crore Indians allegedly leaked on the web
Big Basket
  • Database of around 20 million Big Basket users is allegedly out on the internet.
  • It is the same data that was reported to be breached in November 2020.
  • You can check if your data has been compromised.
Advertisement
Another massive database has allegedly been leaked on a popular cybercrime forum. The database is said to be of 20 million Big Basket users, which was first confirmed by the Indian grocery delivery startup on November 7, 2020. The database includes email IDs, home addresses, phone numbers, password hashes (potentially hashed OTPs), IP addresses, date of birth and also the user-aggregator interactions done on the app.

The hacker who is said to have published the alleged Big Basket database goes by the name ShinyHunters. The database was made available for anyone to download over the weekend on a well-known cybercrime forum. ShinyHunters is the same hacking group that has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2 million user records over 11 different companies, according to threat intelligence SaaS provider Cyble. The group has been operating since 2015, some of their aliases are Shiny Hunters, #TheDarkOverlord, Gnostic Players.

Unfortunately, Big Basket was not the only Indian startup that reported data breaches or bugs in their security system, last year. WhiteHat Jr and Dunzo were also among the startups that saw their data getting compromised over the same period.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
The news comes weeks after Tata Group shared its plan to acquire BigBasket, valuing the Indian startup at over $1.8 billion. Big Basket has not released any official statement on the leak. We'll be updating the story if and when we hear from the management.

When did the Big Basket breach happen?

According to Cyble, which was the first to make the details of the potential breach public, the first breach occurred on October 14 and it found out about it on October 30, later disclosing it to Big Basket on November 1. Cyble also claimed that the data was put up for sale on the dark web for $40,000.
Advertisement


How to check if your data is compromised?
Big Basket data breach: email IDs, phone numbers, home addresses of two crore Indians allegedly leaked on the web
My data has been compromised.Business Insider India

There are some portals like 'have I been pwned' and 'am I breached', where you can check your data has been compromised in one of the breaches in the past. You simply need to go to these sites, enter your email used to register the account and hit enter. In the former’s case, you will be informed about the number of breaches. Scrolling down, you will be able to see the platforms that were hit by a breach, compromising your data. I checked mine, and unfortunately, my data has been compromised in 11 breaches (image above) including Big Basket, Zomato, Dunzo, Zoomcar and more.
{{}}