BigBasket, an Indian online grocery store that suffered a data breach last year, had its data leaked today, for free! The threat actors behind this have been identified as ShinyHunters, who were previously involved in many leaks and hacks. They have now leaked the BigBasket database containing over 20 million user records for free on a popular leak forum, where members are aggressively obtaining it.
BigBasket Database Leak
Continuing the data leak spree of Indian tech firms, BigBasket joins the list of shame. The online grocery store, backed by the Tata group, suffered a data breach last year. This let the hackers steal sensitive customer information such as PII and account credentials. The database is said to contain over 20 million user records and has been shared privately among hackers since then.
But this has now changed, as ShinyHunters, the adversary behind this hack and leak, has dumped the whole 20-million-record database for free on a popular leak forum. This is usual for threat actors, who initially sell a stolen database for a price and, after making an adequate profit, offer it for free to gain reputation.
Infamous threat actor "ShinyHunters" just leaked the database of "BigBasket", a famous Indian 🇮🇳 online grocery delivery service. (@bigbasket_com)
20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7
— Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021
The leaked database contains details such as the customers’ email addresses, SHA1-hashed passwords, addresses, phone numbers, and other information like location and order details. What’s terrifying is that members of the forum are showing extreme interest in obtaining this database, which could lead to numerous cyberattacks in the future.
Some in the comments have claimed to have cracked over 2 million passwords already, which are stored as salted SHA1 hashes. And one said that over 700K customers used ‘password’ as their account password! BigBasket users should change their credentials immediately, and do the same for any other accounts that use the same credentials.