‘Big Basket’ Online Supermarket Breached and Data Leaked

  • Someone is selling the details of 20 million customers of the ‘Big Basket’ online supermarket.
  • The details include full names, email addresses, phone numbers, and delivery addresses.
  • The exposed individuals now run the risk of getting scammed, phished, or have their accounts stolen.

India’s largest online supermarket platform, ‘Big Basket,’ has suffered a data breach that appears to have occurred on October 14, 2020. The company hasn’t realized the security incident or chose to keep it a secret, hoping that nobody would notice, but the first samples of this data are already leaking on the dark web, so the event has now come to light.

Big Basket is a $2-billion giant, providing its online shopping services to people in Bangalore, Hyderabad, Mumbai, Pune, Chennai, Delhi, Noida, Mysore, Coimbatore, Vijayawada-Guntur, Kolkata, Ahmedabad-Gandhinagar, Lucknow-Kanpur, Gurgaon, Vadodara, Visakhapatnam, Surat, Nagpur, Patna, Indore, and Chandigarh Tricity city. Thus, almost the entire country of India is covered by Big Basket services.

Related: E-Commerce Firm ‘Lazada’ Breached by Hackers and User Data Accessed

Cyble’s researchers have located a newly posted data sale that involves a database belonging to Big Basket. The price that was set by the crooks is $40,000, and the size of the SQL file is about 15 GB. In there, one can find the details of roughly 20 million customers of the online supermarket, including the following:

  • Full names
  • Email addresses
  • Hashed passwords
  • Mobile phone numbers
  • Delivery addresses
  • Dates of birth
  • Location data
  • Login IP addresses
Source: Cyble

Fortunately, payment details haven’t been exposed, but it’s not that the rest of what was compromised is not that important. The above details open the way to scamming, spamming, phishing, credential stuffing, and even identity theft actors. Even though the passwords were hashed, customers of Big Basket should reset their password on any place they may be using it.

Especially during these rough times of the Coronavirus situation, people turned to remote shopping solutions like the one offered by Big Basket, trusting the platform with their personal details. Cyble has added the data of the pack on its breach monitoring and notification system, so you may use its “AmIBreached” tool to check if you’re included.

If you happen to receive any emails or SMS making weird claims and asking you to give away more information or money, delete them immediately and block the number. Next time you want to buy stuff online, prefer an anonymous email address and a fake name if that’s possible. Always share the least possible valid information you need to, and when incidents like this one happen, your troubles will be minimal.



How to Watch Formula 1 Without Cable in 2021: Live Stream F1 Grand Prix Anywhere!

The 2021 Formula 1 World Championship is nearly underway, and we're excited to see the big names on the circuit once more,...

How to watch NFL Draft 2021 Without Cable: Date, Time, Schedule, Pick Order, Location, Mock Drafts

The 2021 NFL Draft is almost upon us, and soon the top prospects in the world of football will know where they...

How to Watch NHL 2021 Without Cable – Live Stream Hockey Online from Anywhere

The 2021 NHL season is here, and it ongoing after getting a dodgy start. The 104th season of the National Hockey League...