Well, 2021 seems to be the year of the data breaches. After major companies like Facebook, LinkedIn, Mobikwik and Dominos suffered major data breaches recently, this time it is India-based online grocery shopping platform BigBasket that has suffered a data breach.
Recently discovered by security researcher Alon Gal (Twitter / @ UnderTheBreach), the company confirmed the BigBasket data breach in November last year. Now, the data acquired in the hack has been shared publicly on the dark web. Anyone can access it for free.
Gal shared the news via tweet recently. So, according to the researcher, the leaked BigBasket data includes names, email IDs, hashed passwords, phone numbers, and dates of birth of 20 million users on the platform.
The infamous threat actor “ShinyHunters” just leaked the database of “BigBasket, a famous online grocery delivery service from India”. (@bigbasket_com)
More than 20,000,000 customers affected and information such as emails, names, hashed passwords, dates of birth and phone numbers was leaked. pic.twitter.com/tD5TMxNkH7
– Alon Gal (Under the Gap) (@UnderTheBreach) April 25, 2021
The attack has been carried out by an infamous threat actor dubbed “ShinyHunters” and, most importantly, the group of hackers was able to acquire the hashed passwords of millions of users. These were, according to another security researcher Rajshekhar Rajaharia, allegedly decrypted by another hacker.
“This could create a serious problem for affected customers, as criminals would gain access to their personal web accounts using the cracked passwords and leaked email addresses.” Rajaharia He said Gadegets360.
Therefore, if you are one of the millions of BigBasket users, we recommend that you immediately change your BigBasket password. Also, you can go to the “They have cheated me?” website, which reportedly sends emails to notify users about BigBasket’s data leak, to check whether their data is included in the leaked data or not.
Thanks For Reading 🙂
EAT < SLEEP < TECH< REPEAT