BigBasket Database Leak

Continuing the data leak spree among Indian tech firms, BigBasket joins the list of shame. The online grocery store, backed by the Tata group, suffered a data breach last year, in which hackers stole sensitive customer information such as PII and account credentials. The database is said to contain over 20 million user records and has been shared privately among hackers since then. That has now changed: ShinyHunters, the adversary behind this hack and leak, has dumped the whole database of 20 million records for free on a popular leak forum. This is usual for threat actors, who initially sell a stolen database for a price and, after making an adequate profit, offer it for free to gain reputation.

"20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7" — Alon Gal (Under the Breach) (@UnderTheBreach), April 25, 2021

The leaked database contains details such as customers' email addresses, SHA1 hashed passwords, addresses, phone numbers, and other information like location and order details. What's terrifying is that members of the forum are showing extreme interest in obtaining this database, which could lead to numerous cyberattacks in the future.

Some in the comments have claimed to have cracked over 2 million passwords already, which are salted SHA1 hashes. And one said that over 700K customers used 'password' as their account password!

BigBasket users should change their credentials immediately, and also change them on any other accounts that use the same password.
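The cracking claims above follow from SHA1 being a fast hash, so a salt alone does little to slow guessing of weak passwords. The sketch below is an added example, not BigBasket's code: it refuses deny-listed passwords and re-hashes a legacy record with a slow KDF the next time its owner logs in. The record layouts, the salt-then-password SHA1 scheme, the deny-list and the PBKDF2 work factor are all assumptions.

```python
import hashlib
import hmac
import os

# Constructed deny-list; a real deployment would load a breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty"}
PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def legacy_sha1(password, salt):
    """Assumed legacy record: sha1$<salt>$hex(SHA1(salt || password))."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return "sha1$%s$%s" % (salt.hex(), digest)


def slow_hash(password, salt=None):
    """Hypothetical replacement record: pbkdf2$<salt>$<digest>, random 16-byte salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return "pbkdf2$%s$%s" % (salt.hex(), digest.hex())


def set_password(password):
    """Refuse short or deny-listed passwords before anything is stored."""
    if len(password) < 8 or password.lower() in COMMON_PASSWORDS:
        raise ValueError("password is too short or too common")
    return slow_hash(password)


def verify_and_upgrade(password, stored):
    """Return (ok, record); a legacy record that verifies is re-hashed slowly."""
    scheme, salt_hex, _ = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    if scheme == "sha1":
        ok = hmac.compare_digest(legacy_sha1(password, salt), stored)
        return ok, (slow_hash(password) if ok else stored)
    if scheme == "pbkdf2":
        return hmac.compare_digest(slow_hash(password, salt), stored), stored
    return False, stored
```

Records belonging to users who never log in again stay in the legacy format, so they still need a forced reset.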
