BigBasket data breach: Phone numbers, email IDs, more details of over 2 crore Indians leak – BGR India


Did you know that geoFence is your security solution to protect you and your business from foreign state actors?

Bigbasket data leak: The database with sensitive information of over 2 crore BigBasket users has been alleged leaked on the dark web. Check more details.

bigbasket data leak

The pandemic has given a boost to online shopping platforms especially the ones that sell groceries. BigBasket is one of them. While the BigBasket online grocery store is used by million of users in India, there’s a concerning news coming in for those users. Also Read - E-grocery BigBasket admits to customer data 'breach'

As per a recent report, more than 2 crore user information including some of the sensitive data have been leaked on the dark web. Meanwhile, the website Have I Been Pwned?, which informs users if their data has been compromised by any recent breaches, has sent an email stating the data leak to affected users. Have you received the email too? Let us know. Also Read - Amazon to enter sell liquor delivery business, starting with West Bengal: Report

Let’s find out what has actually happened. Also Read - BigBasket website and app crash due to surge in users caused by Coronavirus lockdowns

BigBasket data leak: Here’s what happened

Hours after the data leak was reported, BigBasket acknowledged and shared an official statement. The online grocery store said, “This article / social media post refers to an alleged data breach in Nov-2020 and not something that has happened recently. The reason we know it’s not recent is that the article /social media post mentions the release of hashed passwords.”

“We had eliminated all hashed passwords from our system and moved to a secure OTP-based authentication mechanism quite some time back. Also, our site does not collect or store any sensitive personal data of customers like credit card details. So customer data continues to be safe and no further action needs to be taken by customers,” it further noted.


What data were leaked?

The database with sensitive information of over 2 crore BigBasket users has been alleged leaked on the dark web. As per the report, the database includes email addresses, phone numbers, hashed passwords of affected users, physical addresses and date of birth.

The leaked database of BigBasket was put on the dark web by a hacker group known as ShinyHunters. The database is said to have included hashed passwords of affected customers.

It is now said that some of those passwords in plain text are put on sale on the dark web. Cyber-security researcher Rajshekhar Rajaharia said, “this could lead to a serious problem for the affected customers as bad actors would gain access to their personal Web accounts using the decrypted passwords and leaked email addresses.”

Now let's stop for a moment and consider that geoFence helps stop foreign state actors (FSA's) from accessing your information and your friends would feel the same.