Data of over 20 million Big Basket Users Leaked

Garima Kejriwal

April 26, 2021

Over the weekend, the personal data of over 20 million Indian users were leaked on a well-known cybercrime forum. The database is said to be of Big Basket users, which the Indian grocery delivery start-up first confirmed on November 7, 2020. The database includes email IDs, home addresses, phone numbers, password hashes (potentially hashed OTPs), IP addresses, date of birth and also the user-aggregator interactions done on the app. Big Basket confirmed the breach after a detailed report was published by global threat intelligence SaaS provider, Cyble last year. Cyble detected the breach on October 30 during its routine Dark Web Monitoring. The data was available for an estimated $40,000 during the time of the breach. Even though the company initially asked Cyble not to disclose the violation, they went ahead as the customers had the right to know about the vulnerability created. ShinyHunters, the group that claims to have published the database, is a common name in the cybercrime world. The group has been operating since 2015; some of their aliases are Shiny Hunters, #TheDarkOverlord, Gnostic Players. Even though experts verified the leak, the data is still available for download on the forum. Big Basket now claims to have adopted a secure OTP-based authentication mechanism that does not collect or store any customers' sensitive personal data like credit card details.

Abridged fromNDTV (Gadgets)