Data breach exposes BigBasket confidential information; more than 20 million affected users

Information security experts report that a well-known hacker leaked about 20 million user records from BigBasket, a popular grocery delivery service based in India. The database, published on a popular hacking forum, contains personal information and hashed passwords.

Just a few hours ago, the renowned hacker identified as ShinyHunters published the database on one of the leading hacking platforms in India. The worst part is that the hacker didn’t even demand a payment in exchange for disclosing the information, so the database is available to any interested user.

Although it was initially suggested that the report could be fraudulent, it should be remembered that by the end of 2020 the company confirmed that it was the victim of a security incident that could have resulted in a data breach: “There was a data breach and the report has already been submitted to the authorities,” a representative of the company said at the time.

Moreover, experts believe that the hacker might have released the database for free because the information was already sold a few months ago.

It should be noted that the database contains BigBasket customer data, including email addresses, hashed passwords and phone numbers, among other information.

The exposed passwords are hashed with the SHA-1 algorithm, and forum members claim to have cracked 2 million of the passwords contained in the database. Moreover, another member of the hacking forum states that at least 700 thousand affected customers used the word “password” as the password for their accounts, a very poor security practice.

As for the hacker responsible for this leak, experts mention that ShinyHunters has been involved in some of the most damaging cybersecurity incidents of the past year and a half, including the compromise of confidential information at Tokopedia, TeeSpring, Promo, Mathway and Wattpad, among other companies.
