BigBasket database of over 20 million clients has allegedly been leaked on the darkish Web, months after the web grocery supply platform confirmed a knowledge breach. The alleged database contains the e-mail addresses, cellphone numbers, and hashed passwords of the affected clients. The knowledge additionally allegedly carries bodily addresses and date of start of BigBasket customers. Although the database that’s out there free of charge entry on the darkish Web contains person passwords in an encrypted kind, one other hacker has claimed to have decrypted among the leaked passwords.
The alleged BigBasket database has been placed on the darkish Web by a hacker group infamously often known as ShinyHunters. It contains particulars equivalent to the e-mail addresses, names, date of start, and cellphone numbers.
Infamous menace actor “ShinyHunters” simply leaked the database of “BigBasket, a famous Indian 🇮🇳 online grocery delivery service. (@bigbasket_com)
20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7
— Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021
Cyber-security researcher Rajshekhar Rajaharia told Gadgets 360 that the leaked database is associated with the breach that BigBasket itself confirmed in November last year.
“A few days ago, we learnt about a potential data breach at BigBasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it,” the company had said while confirming the data breach that was made public by cybersecurity intelligence firm Cyble.
ShinyHunters made the alleged BigBasket database available for download on the dark Web over the weekend. It included hashed passwords of the affected customers. However, some passwords in plain text are now also put on sale on the dark Web.
“Another hacker is claiming to have decrypted millions of passwords associated with BigBasket,” said Rajaharia. “This could lead to a serious problem for the affected customers as bad actors would gain access to their personal Web accounts using the decrypted passwords and leaked email addresses.”
Gadgets 360 has reached out to BigBasket for a comment on the matter. This report will be updated when we hear back.
Meanwhile, the website Have I Been Pwned? — that informs users on whether their data has been compromised by any recent breaches — has sent an email to notify some affected customers about the data leak.
Founded in 2011, BigBasket is backed by China’s Alibaba and is among the main platforms for delivering groceries on-line. The pandemic helped the corporate expand its business and even entice conglomerate Tata Group that in February agreed to acquire a majority stake within the firm.
Why did LG hand over on its smartphone enterprise? We mentioned this on Orbital, the Gadgets 360 podcast. Later (starting at 22:00), we talk about the new co-op RPG shooter Outriders. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.