Thursday, March 28, 2024

BigBasket Data Leak – Over 20 Million Personal Records Published on Hacking Forum

More than 20 million BigBasket users’ data were recently leaked on a well-known hacking forum known as “ShinyHunter” It’s a popular online grocery delivery service in India, that allows users to order groceries online and convey them to their homes. 

A hackers forum user, ShinyHunter has recently posted the leaked database of BigBasket users for free, and not only that even the ShinyHunter has also claimed that he has stolen this database from BigBasket.

Moreover, the leaked database contains more than 20 million personal information and hashed passwords of the BigBasket users.

We have already reported a previous BigBasket data leak last in November 2020, in which Over 20 Million BigBasket Customers Data Exposed in DarkWeb.

According to the reports, earlier when in Nov 2020 BigBasket itself has confirmed this data breach, at that time ShinyHunter tried to trade this stolen database in the private sales of the hackers’ forums.

Apart from this, the CEO of the BigBasket, Hari Menon affirmed that the experts urged them to not reveal any information regarding this data breach, as this could impede the investigation.

https://twitter.com/UnderTheBreach/status/1386281705477189633

Generally, ShinyHunter sells all the older breached databases privately in private sales of hackers’ forums. But, now according to the reports, ShinyHunter has recently released the whole database for free that contains more than 20 million personal information and passwords of the BigBasket users.

The security experts have professed that ShinyHunter is also implicated in other data breaches like Tokopedia, TeeSpring, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and it goes on.

Data Involved

The other members of the forum where ShinyHunter posted the leaked database of 20 million users have managed to decode 2 million passwords, and not only that even another member of that forum also claimed that more than 700k users of this leaked database have used “password” as their password for BigBasket account.

The leaked database contains the following details of BigBasket users:-

  • Email addresses
  • SHA1 hashed passwords
  • Physical addresses
  • Phone numbers
  • Other assorted information

So, as a security measure, the analysts have recommended all the users of BigBasket to immediately change their passwords of BigBasket accounts, and also on the sites where they are using these same leaked passwords.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles