Today’s morning, ShinyHunters, a well-known seller of data beaches, posted a database containing stolen BigBasket data on a hacker forum.
The data includes personal information and hashed passwords of over 20 million BigBasket user’s data.
For your information, BigBasket is a popular Indian based grocery delivery service. It allows people to shop online for food and deliver it to their homes.
When shinyHunter had tried to share the stolen data in public in November 2020, BigBasket confirmed that they suffered the data breach.
BigBasket CEO said, “There’s been a data breach and we’ve filed a case with the cybercrime police. The investigators have asked us not to reveal any details as it might hamper the probe.”
Threat actors released the whole database for free as is typical for older breaches privately sold by ShinyHunters.
The database includes the customers’ email addresses, SHA1 hashed passwords, addresses, phone numbers and other assorted information.
The passwords were found hashed using SHA1 algorithm. Over 2 millions of listed passwords have been cracked already, as per the claims by the forum members.
A member from the forum claimed that 700K of the customers used the password “passwords” their accounts.
Some of the records are accurate and so the customers should play it safe and assume that their customers’ info has been leaked as well.
The users should immediately change their passwords on the BigBasket and other sites having the same password.