Well, 2021 seems to be the year of data breaches. After major companies including Facebook, LinkedIn, Mobikwik, and Dominos suffered major data breaches recently, this time, it is the India-based online grocery-shopping platform BigBasket that has suffered a data breach.
Recently discovered by security researcher Alon Gal (Twitter/@UnderTheBreach), the BigBasket data breach was confirmed by the company back in November of last year. Now, the data acquired in the hack has been publicly shared on the dark web. It can be accessed by anyone for free.
Gal shared the news via a tweet recently. So, as per the researcher, the leaked BigBasket data include names, email IDs, hashed passwords, phone numbers, and birthdates of 20 million users on the platform.
Infamous threat actor "ShinyHunters" just leaked the database of "BigBasket, a famous Indian 🇮🇳 online grocery delivery service. (@bigbasket_com)
20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7
— Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021
The attack has been carried out by an infamous threat actor dubbed “ShinyHunters”, and most importantly, the hacking group was able to acquire the hashed passwords of millions of users. These were, as per another security researcher Rajshekhar Rajaharia, allegedly decrypted by another hacker.
“This could lead to a serious problem for the affected customers as bad actors would gain access to their personal web accounts using the decrypted passwords and leaked email addresses,” Rajaharia told Gadegets360.
So, if you are one of the millions of users on BigBasket, we would recommend you immediately change your BigBasket password. Moreover, you can go to the “Have I Been Pwned?” website, which is reportedly sending out emails to notify users about the BigBasket data leak, to check if your details are included in the leaked data or not.