Emails, Phone No Of 2 Crore BigBasket Users Leaked For Free; Hashed Passwords Also Leaked

In another data leak news, personal information and records of over 20 million users of the online grocery delivery service, Big Basket has been leaked on a popular hacking forum.

This is the second such instance of data breach reported by BigBasket in less than six months, after November 2020.

20,000,000+ User Data Leaked

The infamous threat actor, ‘ShinyHunters’ leaked the database of the leading Indian online grocery delivery service BigBasket, on Sunday.

The leaked database includes sensitive information of over 20 million BigBasket users.

Infamous threat actor "ShinyHunters" just leaked the database of "BigBasket, a famous Indian ?? online grocery delivery service. (@bigbasket_com)

20,000,000+ clients affected and information such as emails, names, hashed passwords, birthdates and phone numbers were leaked. pic.twitter.com/tD5TMxNkH7

— Alon Gal (Under the Breach) (@UnderTheBreach) April 25, 2021

These include customer information like email addresses, SHA1 hashed passwords, addresses, phone numbers, and other assorted information.

The threat actor has released the whole database for free on a well-known hacking forum.

The members of the hacking forum have claimed cracking 2 million of these user passwords already, which were ahashed using the SHA1 algorithm.

One such forum user has informed that about 700,000 listed customers have used ‘password’ as the password for their accounts.

The infamous hacker ShinyHunters has in the past executed multiple data breaches.

The information security forum and publication BleepingComputer has confirmed some of the records as accurate, which means that BigBasket customers must strongly be advised to change their account passwords with immediate effect.