Bengaluru-based online grocery platform Big Basket got breached back in October 2020. The hacker had put the leaked data of over 2 crore users on sale on Dark Web. This alleged breach occurred on occurred on October 14 2020. Later on, the company even confirmed that its service was breached which detected this incident on October 30th. Now, in a recent development, private data of more than 20 million users which got leaked back in October is published online. The leaked data includes users name, phone number, physical addresses, email address, and date of birth details. Let’s check out ahead as such how you can protect your details, if you are one of those whose details are exposed in this breach.
Private Data of 20 Million+ Big Basket Users Published Online
The hacker who goes by name ShinyHunters has published the Big Basket database, and is made available for anyone to download, reports Techcrunch. The leaked data was made available online on Cybercrime forums over the weekend. As per the leak, the passwords were hashed using SHA1 algorithm. It is reported that forum members have claimed to crack 2 million of the listed passwords already. Another member who has access to these details claims that up to 700k of the customers used the password as ‘password’ for their accounts. Below image shows us the sample record in the database:
As of now, Big Basket is yet to comment about these leaked data which is currently available online. However, in the past the company already had acknowledged the existence of the breach, who has already filed a case with the cybercrime police last year when it detected the breach for the first time on October 30.
Infamous threat actor “ShinyHunters” just leaked the database of “BigBasket, a famous Indian 🇮🇳 online grocery delivery service. (@bigbasket_com)
20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7
— Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021
How To Protect Yourself If Your Data is Leaked in the Big Basket Breach?
Popular service Have I Been Pwned has already emailed users earlier today whose email address are compromised in the Big Basket data breach. The website mentions that these records are from the 14 October 2020 breach, which also claims to have found as of now 24,500,011 accounts which have been compromised. The data was already sold before being leaked publicly now as per Have I Been Pwned.
BleepingComputer has even confirmed that the leaked data is accurate, including information specific to the BigBasket service. If you have received an email from Have I Been Pwned, we would suggest you to change your password at the earliest, and play it safe. That apart, you can use some password manager which will help you manage the unique passwords you use at different sites.
