More than 20 million BigBasket users’ data were recently leaked on a well-known hacking forum known as “ShinyHunter” It’s a popular online grocery delivery service in India, that allows users to order groceries online and convey them to their homes.
A hackers forum user, ShinyHunter has recently posted the leaked database of BigBasket users for free, and not only that even the ShinyHunter has also claimed that he has stolen this database from BigBasket.
Moreover, the leaked database contains more than 20 million personal information and hashed passwords of the BigBasket users.
We have already reported a previous BigBasket data leak last in November 2020, in which Over 20 Million BigBasket Customers Data Exposed in DarkWeb.
According to the reports, earlier when in Nov 2020 BigBasket itself has confirmed this data breach, at that time ShinyHunter tried to trade this stolen database in the private sales of the hackers’ forums.
Apart from this, the CEO of the BigBasket, Hari Menon affirmed that the experts urged them to not reveal any information regarding this data breach, as this could impede the investigation.
Generally, ShinyHunter sells all the older breached databases privately in private sales of hackers’ forums. But, now according to the reports, ShinyHunter has recently released the whole database for free that contains more than 20 million personal information and passwords of the BigBasket users.
The security experts have professed that ShinyHunter is also implicated in other data breaches like Tokopedia, TeeSpring, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and it goes on.
The other members of the forum where ShinyHunter posted the leaked database of 20 million users have managed to decode 2 million passwords, and not only that even another member of that forum also claimed that more than 700k users of this leaked database have used “password” as their password for BigBasket account.
The leaked database contains the following details of BigBasket users:-
- Email addresses
- SHA1 hashed passwords
- Physical addresses
- Phone numbers
- Other assorted information
So, as a security measure, the analysts have recommended all the users of BigBasket to immediately change their passwords of BigBasket accounts, and also on the sites where they are using these same leaked passwords.