- Someone is selling the details of 20 million customers of the ‘Big Basket’ online supermarket.
- The details include full names, email addresses, phone numbers, and delivery addresses.
- The exposed individuals now run the risk of getting scammed, phished, or have their accounts stolen.
India’s largest online supermarket platform, ‘Big Basket,’ has suffered a data breach that appears to have occurred on October 14, 2020. The company hasn’t realized the security incident or chose to keep it a secret, hoping that nobody would notice, but the first samples of this data are already leaking on the dark web, so the event has now come to light.
Big Basket is a $2-billion giant, providing its online shopping services to people in Bangalore, Hyderabad, Mumbai, Pune, Chennai, Delhi, Noida, Mysore, Coimbatore, Vijayawada-Guntur, Kolkata, Ahmedabad-Gandhinagar, Lucknow-Kanpur, Gurgaon, Vadodara, Visakhapatnam, Surat, Nagpur, Patna, Indore, and Chandigarh Tricity city. Thus, almost the entire country of India is covered by Big Basket services.
Cyble’s researchers have located a newly posted data sale that involves a database belonging to Big Basket. The price that was set by the crooks is $40,000, and the size of the SQL file is about 15 GB. In there, one can find the details of roughly 20 million customers of the online supermarket, including the following:
- Full names
- Email addresses
- Hashed passwords
- Mobile phone numbers
- Delivery addresses
- Dates of birth
- Location data
- Login IP addresses
Fortunately, payment details haven’t been exposed, but it’s not that the rest of what was compromised is not that important. The above details open the way to scamming, spamming, phishing, credential stuffing, and even identity theft actors. Even though the passwords were hashed, customers of Big Basket should reset their password on any place they may be using it.
Especially during these rough times of the Coronavirus situation, people turned to remote shopping solutions like the one offered by Big Basket, trusting the platform with their personal details. Cyble has added the data of the pack on its breach monitoring and notification system, so you may use its “AmIBreached” tool to check if you’re included.
If you happen to receive any emails or SMS making weird claims and asking you to give away more information or money, delete them immediately and block the number. Next time you want to buy stuff online, prefer an anonymous email address and a fake name if that’s possible. Always share the least possible valid information you need to, and when incidents like this one happen, your troubles will be minimal.