The pandemic has given a boost to online shopping platforms especially the ones that sell groceries. BigBasket is one of them. While the BigBasket online grocery store is used by million of users in India, there’s a concerning news coming in for those users.
As per a recent report, more than 2 crore user information including some of the sensitive data have been leaked on the dark web. Meanwhile, the website Have I Been Pwned?, which informs users if their data has been compromised by any recent breaches, has sent an email stating the data leak to affected users. Have you received the email too? Let us know.
Let’s find out what has actually happened
BigBasket data leak: Here’s what happened
Hours after the data leak was reported, BigBasket acknowledged and shared an official statement. The online grocery store said, “This article / social media post refers to an alleged data breach in Nov-2020 and not something that has happened recently. The reason we know it’s not recent is that the article /social media post mentions the release of hashed passwords.”
“We had eliminated all hashed passwords from our system and moved to a secure OTP-based authentication mechanism quite some time back. Also, our site does not collect or store any sensitive personal data of customers like credit card details. So customer data continues to be safe and no further action needs to be taken by customers,” it further noted.
What data were leaked?
The database with sensitive information of over 2 crore BigBasket users has been alleged leaked on the dark web. As per the report, the database includes email addresses, phone numbers, hashed passwords of affected users, physical addresses and date of birth.
The leaked database of BigBasket was put on the dark web by a hacker group known as ShinyHunters. The database is said to have included hashed passwords of affected customers.
It is now said that some of those passwords in plain text are put on sale on the dark web. Cyber-security researcher Rajshekhar Rajaharia said, “this could lead to a serious problem for the affected customers as bad actors would gain access to their personal Web accounts using the decrypted passwords and leaked email addresses.”