On a prominent hacking website, a threat actor leaked approximately 20 million BigBasket user records containing personal information and hashed passwords. This includes details regarding email address, hashed passwords and mobile number of the users.
They are accused of having hacked Wattpad, Tokopedia, Dave, Promo, Minted and many more of them. This time it’s the popular Indian grocery store BigBasket.
ShinyHunter had attempted to sell the stolen data in private sales, following which BigBasket announced to Bloomberg News in November 2020 that they had suffered a data breach.
ShinyHunters has now published the entire archive, which currently includes more than 20 million user information, for free, as is customary for older breaches privately sold by the threat actor.
The passwords are hashed with the SHA1 algorithm, and forum members claim to have cracked 2 million of the passwords mentioned so far. According to another member, 700,000 customers used the password ‘password’ for their accounts.
BleepingComputer has verified that some of the documents are authentic, including information unique to the BigBasket service. It is thereby advised that the BigBasket users make changes to their passwords immediately, both on BigBasket and on any other sites that use the same password, maybe using a password manager.