BigBasket is a popular online grocery delivery service in India that enables customers to shop for grocery items online and the orders are delivered to their homes in a hassle-free way.
ShinyHunters, a well-known seller of stolen databases posted a database for free on a hacker forum that they claimed was the breached database of BigBasket.
Last year, BigBasket had confirmed that it suffered a data breach and ShinyHunter had earlier tried to sell the user data that was stolen through private sales.
“There’s been a data breach and we’ve filed a case with the cybercrime police,” BigBasket CEO Hari Menon stated. “The investigators have asked us not to reveal any details as it might hamper the probe,” he added.
As seen in earlier breaches as well, ShinyHunters has released the entire database for free. The database is said to contain over 20 million customer records. The database contains BigBasket user information, including address, phone number, email address, SHA1 hashed passwords and other such information.
These passwords have been hashed leveraging the SHA1 algorithm, and the forum members have asserted to have already cracked over 2 million of the listed passwords.
One member has revealed that over 700k of the customers were using the word ‘password’ as the account password. Earlier, ShinyHunters have been behind other data breach incidents including Wattpad, Dave, Chatbooks, etc.
Some records have been confirmed to be accurate which includes certain information that is specific to the BigBasket service, users are therefore advised to consider the possibility of their data being leaked as well.
BigBasket should immediately change its account passwords as a precautionary measure. It is also highly recommended that the users leverage a password manager to manage all the passwords that are being used across different apps.