Security incidents sometimes transcend affected organizations, reaching levels of impact that IT security teams cannot foresee. This is the case with the data breach in BigBasket, which resulted in the leaking of sensitive information belonging to Flipkart users nearly seven months after the initial incident.
As some users will remember, BigBasket suffered a data breach that exposed information from up to 20 million users, who were on sale on various hacking forums. Now, hundreds of Flipkart users argue that their information has been compromised as a result of this incident.
To make matters worse, Flipkart users ensure that the leak includes their sensitive information, including passwords and usernames. As in any similar case, many of the affected people could have used the same credentials on other online platforms.
Satish Medapati, founder of Intentico, notified Inc42 on Twitter about Flipkart’s data leak. In his tweet, Medapati showed a screenshot containing a list of emails, passwords, loyalty rewards and other data.
The entrepreneur also claims that a WhatsApp user sent him a screenshot that included multiple details of the affected accounts. Medapati even mentioned that his Flipkart account details were compromised, although the company’s customer service team managed to regain control of his account: “About 17 orders were placed using my account. Reward coins were used and there were attempts to buy through my credit cards stored in Flipkart,” adds the entrepreneur.
In addition to Medapati, hundreds of Twitter users claim that their data has been compromised and that unknown users accessed their accounts to try to use their credit card details and loyalty rewards. Rajshekhar Rajaharia, a renowned cybersecurity researcher, mentions that the leaked screenshot comes from April 2021, so the dates match the incident in BigBasket. The expert also mentions that this data has been reused by threat actors and even sold on dark web forums or Telegram groups.
In response to these reports, a company spokesperson said: “At Flipkart we are absolutely focused on maintaining the security of our customers’ data and have robust information security systems and controls in place to safeguard data. We will track these reports and implement the necessary measures in case of finding anomalies.”
As a final confirmation of the leak, the information displayed by the entrepreneur is associated with a report on Have I Been Pwned, the largest online platform for tracking security incidents.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.